Logical Methods in Computer Science 
Vol. 5 (3:8) 2009, pp. 1-69 
www.lmcs-online.org 



Submitted Jan. 2, 2008 
Published Sep. 11, 2009 



FULL ABSTRACTION FOR NOMINAL GENERAL REFERENCES 



NIKOS TZEVELEKOS 



Oxford University Computing Laboratory 
e-mail address: nikt@comlab.ox.ac.uk 



Abstract. Game semantics has been used with considerable success in formulating fully 
abstract semantics for languages with higher-order procedures and a wide range of com- 
putational effects. Recently, nominal games have been proposed for modelling functional 
languages with names. These are ordinary, stateful games cast in the theory of nominal 
sets developed by Pitts and Gabbay. Here we take nominal games one step further, by 
developing a fully abstract semantics for a language with nominal general references. 
1. Introduction 

Functional languages constitute a programming paradigm built around the intuitive notion 
of a computational function, that is, an effectively specified entity assigning values from a 
codomain to elements of a domain in a pure manner: a pure function is not allowed to carry 
any notion of state or side-effect. This simple notion reveals great computational power if 
the domains considered are higher-order, i.e. sets of functions: with the addition of recursive 
constructs, higher-order functional computation becomes Turing complete (PCF [37]). 
In practice, though, functional programming languages usually contain impure features that 
make programming simpler (computational effects), like references, exceptions, etc. While 
not necessarily adding to its computational power, these effects affect the expressivity of a 
language: two functions which seem to accomplish the same task may have different inner 
workings which can be detected by use of effects (e.g. exceptions can distinguish constant 
functions that do or do not evaluate their inputs). The study of denotational models for 
effects allows us to better understand their expressive power and to categorise languages 
with respect to their expressivity. 

A computational effect present in most functional programming languages is that of 
general references. General references are references which can store not only values of 
ground type (integers, booleans, etc.) but also of higher-order type (procedures, higher-order 
functions) or references themselves. They constitute a very powerful and useful programming 
construct, allowing not only the encoding of recursion (see example 3.4) but 
also the simulation of a wide range of computational effects and programming paradigms 
(e.g. object-oriented programming [section 2.3] or aspect-oriented programming [40]). 
The denotational modelling of general references is quite demanding since, on top of phenomena 
of dynamic update and interference, one has to cope with the inherent cyclicity 
of higher-order storage. In this paper we provide a fully abstract semantics for a language 
with general references called the νρ-calculus. 

The νρ-calculus is a functional language with dynamically allocated general references, 
reference-equality tests and "good variables", which faithfully reflects the practice of real 
programming languages such as ML [27]. In particular, it extends the basic nominal language 
of Pitts and Stark [36], the ν-calculus, by using names for general references. That 
is, names in νρ are atomic entities which can be (cf. [36]): 

created with local scope, updated and dereferenced, tested for equality and 
passed around via function application, but that is all. 

The fully abstract model of νρ is the first such for a language with general references and 
good variables.¹ 

Fully abstract models for general references were given via game semantics in [3] and 
via abstract categorical semantics (and games) in [20]. Neither approach used names. The 
model of [3] is based on the idea of relaxing strategy conditions in order to model computational 
effects. In particular, it models references as variables of a read/write product type 
and it uses strategies which violate visibility in order to use values assigned to references 
previously in a play. The synchronisation of references is managed by cell strategies which 
model fresh-reference creation. Because references are modelled by products, and in order 
to produce a fully abstract semantics, the examined language needs to include bad variables, 
which in turn yield unwanted behaviours severely affecting the expressivity of the language 



¹ In fact, the νρ-calculus and its fully abstract model were first presented in [46], of which the present 
paper is an extended and updated version. 
and prohibit the use of equality tests for references.² On the other hand, the approach 
in [20] bypasses the bad-variables problem by not including types for references (variables 
and references of the same type coincide). This contributes new intuitions on sequential 
categorical behaviour (sequoidal category), but we think that it is somewhat distanced from 
the common notion of reference in functional programming. 

The full-abstraction problem has also been tackled via trace semantics in [23]. The 
language examined is a version of that in [3] without bad variables. The latter are not needed 
since the modelling of references is achieved by names pointing to a store (which is analogous 
to our approach). Of relevance is also the fully abstract trace model for a language with 
nominal threads and nominal objects presented in [17]. An important difference between 
trace models and game models is that the former are defined operationally (i.e. traces are 
computed by using the operational semantics), whereas game models are defined in a purely 
compositional manner. Nonetheless, trace models and game models have many similarities, 
deriving mainly from their sequential-interactive representation of computation, and in 
particular there are connections between [23] and the work herein that should be further 
examined. 

The approach. We model nominal computation in nominal games. These were introduced 
independently in [2, 21] for producing fully abstract models of the ν-calculus and its extension 
with pointers respectively. Here we follow the formulation of [2] with rectifications 
pertaining to the issue of unordered state (see remark 4.20).³ Thus, our nominal games 
constitute a stateful (cf. Ong [34]) version of Honda-Yoshida call-by-value games [15] built 
inside the universe of nominal sets of Gabbay and Pitts [12, 35]. 

A particularly elegant approach to the modelling of names is by use of nominal 
sets [12, 35]. These are sets whose elements involve a finite number of atoms, and 
which can be acted upon by finite atom-permutations. The expressivity thus obtained 
is remarkable: in the realm (the category) of nominal sets, notions like atom-permutation, 
atom-freshness and atom-abstraction are built inside the underlying structure. We therefore 
use nominal sets, with atoms playing the role of names, as a general foundation for 
reasoning about names. 

The essential feature of nominal games is the appearance of names explicitly in plays 
as constants (i.e. as atoms), which allows us to directly model names and express name-related 
notions (name-equality, name-privacy, scope-extrusion, etc.) in the games setting. 
Thus nominal games can capture the essential features of nominal computation and, in 
particular, they model the ν-calculus. From that model we can move to a model of νρ by 
an appropriate effect-encapsulation procedure, that is, by use of a store-monad. A fully 
abstract model is then achieved by enforcing appropriate store-discipline conditions on the 
games. 

² By "bad variables" we mean read/write constructs of reference type which are not references. They are 
necessary for obtaining definability and full abstraction in [3] since read/write-product semantical objects 
may not necessarily denote references. 

³ The nominal games of [2] use moves attached with finite sets of names. It turns out, however, that 
this yields discrepancies, as unordered name-creation is incompatible with the deterministic behaviour of 
strategies and, in fact, nominal games in [2] do not form a category. Here (and also in [46]), we recast 
nominal games using moves attached with name-lists instead of name-sets. This allows us to restrict our 
attention to strong nominal sets (v. definition 2.6), a restriction necessary for overcoming the complications 
with determinacy. 
The paper is structured as follows. In section 2 we briefly present nominal sets and 
some of their basic properties. We finally introduce strong nominal sets, that is, nominal 
sets with "ordered involvement" of names, and prove the strong support lemma. In section 3 
we introduce the νρ-calculus and its operational semantics. We then introduce the notion 
of a νρ-model, which provides abstract categorical conditions for modelling νρ in a setting 
involving local-state comonads and a store-monad. We finally show definability and, by use 
of a quotienting procedure, full abstraction in a special class of νρ-models. In section 4 
we introduce nominal games and show a series of results with the aim of constructing a 
category $\mathcal{V}_t$ of total, innocent nominal strategies. At the end of the section we attempt a 
comparison with the nominal games presented by Laird in [21, 24]. In section 5 we proceed 
to construct a specific fully abstract νρ-model in the category $\mathcal{V}_t$. The basic ingredients 
for such a construction have already been obtained in the previous section, except for the 
construction of the store-monad, which involves solving a recursive domain equation in $\mathcal{V}_t$. 
Once this has been achieved and the νρ-model has been obtained, we further restrict legal 
strategies to tidy ones, i.e. to those that obey a specific store-related discipline; for these 
strategies we show definability and full abstraction. We conclude in section 6 with some 
further directions. 

The contributions of this paper are: a) the identification of strong nominal sets as the 
adequate setting for nominal language semantics; b) the abstract categorical presentation 
in a monadic-comonadic setting of models of a language with nominal general references; 
c) the rectification of the nominal games of [2] and their use in constructing a specific such 
model; d) the introduction of a game-discipline (tidiness) to capture computation with 
names-as-references, leading to a definable and hence fully abstract game model. 

2. Theory of nominal sets 

We give a short overview of nominal sets, which form the basis of all constructions presented 
in this paper; our presentation generally follows [35]. Nominal sets are an inspiring paradigm 
of the universality (and reusability) of good mathematics: invented in the 1920's and 1930's 
by Fraenkel and Mostowski as a model of set theory with atoms (ZFA) for showing its 
independence from the Axiom of Choice, they were reused in the late 1990's by Gabbay 
and Pitts [12] as the foundation of a general theory of syntax with binding constructs. The 
central notion of nominal sets is that of atoms, which are to be seen as basic 'particles' 
present in elements of nominal sets, and of atom-permutations which can act upon those 
elements. Moreover, there is an infinite supply of atoms, yet each element of a nominal 
set 'involves' finitely many of them, that is, it has finite support with regard to atom-permutations. 

We will be expressing the intuitive notion of names by use of atoms, both in the abstract 
syntax of the language and in its denotational semantics. Perhaps it is not clear to the reader 
why nominal sets should be used — couldn't we simply model names by natural numbers? 
Indeed, numerals could be used for such semantical purposes (see e.g. [24]), but they would 
constitute an overspecification: numerals carry a linear order and a bottom element, which 
would need to be carefully nullified in the semantical definitions. Nominal sets factor out 
this burden by providing the minimal solution to specifying names; in this sense, nominal 
sets are the intended model for names. 
2.1. Nominal sets. Let us fix a countably infinite family $(\mathbb{A}_i)_{i\in\omega}$ of pairwise disjoint, 
countably infinite sets of atoms, and let us denote by $\mathrm{PERM}(\mathbb{A}_i)$ the group of finite 
permutations of $\mathbb{A}_i$. Atoms are denoted by $a, b, c$ and variants; permutations are denoted by $\pi$ 
and variants; $\mathrm{id}$ is the identity permutation and $(a\ b)$ is the permutation swapping $a$ and 
$b$ (and fixing all other atoms). We write $\mathbb{A}$ for the union of all the $\mathbb{A}_i$'s. We take 

$$\mathrm{PERM}(\mathbb{A}) = \bigoplus_{i\in\omega} \mathrm{PERM}(\mathbb{A}_i) \qquad (2.1)$$

to be the direct sum of the groups $\mathrm{PERM}(\mathbb{A}_i)$, so $\mathrm{PERM}(\mathbb{A})$ is a group of finite permutations 
of $\mathbb{A}$ which act separately on each constituent $\mathbb{A}_i$. In particular, each $\pi \in \mathrm{PERM}(\mathbb{A})$ is 
an $\omega$-indexed list of permutations, $\pi \in \prod_{i\in\omega} \mathrm{PERM}(\mathbb{A}_i)$, such that $(\pi)_i \neq \mathrm{id}_{\mathbb{A}_i}$ holds for 
finitely many indices $i$. In fact, we will write (non-uniquely) each permutation $\pi$ as a finite 
composition 

$$\pi = \pi_1 \circ \cdots \circ \pi_n$$

such that each $\pi_i$ belongs to some $\mathrm{PERM}(\mathbb{A}_{j_i})$; note that the $j_i$'s need not be distinct. 

Definition 2.1. A nominal set $X$ is a set $|X|$ (usually denoted $X$) equipped with an 
action of $\mathrm{PERM}(\mathbb{A})$, that is, a function $\_ \cdot \_ : \mathrm{PERM}(\mathbb{A}) \times X \to X$ such that, for any 
$\pi, \pi' \in \mathrm{PERM}(\mathbb{A})$ and $x \in X$, 

$$\pi \cdot (\pi' \cdot x) = (\pi \circ \pi') \cdot x , \qquad \mathrm{id} \cdot x = x .$$

Moreover, for any $x \in X$ there exists a finite set $S$ such that, for all permutations $\pi$, 

$$(\forall a \in S.\ \pi(a) = a) \implies \pi \cdot x = x . \qquad ▲$$

For example, $\mathbb{A}$ with the action of permutations being simply permutation-application is 
a nominal set. Moreover, any set can be trivially rendered into a nominal set of elements 
with empty support. 

Finite support is closed under intersection and hence there is a least finite support for 
each element $x$ of a nominal set; this we call the support of $x$ and denote by $S(x)$. 

Proposition and Definition 2.2 ([12]). Let $X$ be a nominal set and $x \in X$. For any 
finite $S \subseteq \mathbb{A}$, 

$$S \text{ supports } x \iff \forall a, a' \in (\mathbb{A} \setminus S).\ (a\ a') \cdot x = x .$$

Moreover, if finite $S, S' \subseteq \mathbb{A}$ support $x$ then $S \cap S'$ also supports $x$. Hence, we can 
define 

$$S(x) \triangleq \bigcap \{\, S \subseteq_{\mathrm{fin}} \mathbb{A} \mid S \text{ supports } x \,\} ,$$

which can be expressed also as: 

$$S(x) = \{\, a \in \mathbb{A} \mid \text{for infinitely many } b.\ (a\ b) \cdot x \neq x \,\} . \qquad \square$$

For example, for each $a \in \mathbb{A}$, $S(a) = \{a\}$. We say that $a$ is fresh for $x$, written $a \# x$, if 
$a \notin S(x)$. $x$ is called equivariant if it has empty support. It follows from the definition 
that 

$$a \# x \iff \text{for cofinitely many } b.\ (a\ b) \cdot x = x . \qquad (2.2)$$
There are several ways to obtain new nominal sets from given nominal sets $X$ and $Y$: 

• The disjoint union $X \uplus Y$ with permutation-action inherited from $X$ and $Y$ is a nominal 
set. This extends to infinite disjoint unions. 

• The cartesian product $X \times Y$ with permutations acting componentwise is a nominal 
set; if $(x,y) \in X \times Y$ then $S(x,y) = S(x) \cup S(y)$. 

• The fs-powerset $\mathcal{P}_{\mathrm{fs}}(X)$, that is, the set of subsets of $X$ which have finite support, with 
permutations acting on subsets of $X$ elementwise. In particular, $X' \subseteq X$ is a nominal 
subset of $X$ if it has empty support, i.e. if for all $x \in X'$ and permutations $\pi$, $\pi \cdot x \in X'$. 

Apart from $\mathbb{A}$, some standard nominal sets are the following. 

• Using products and infinite unions we obtain the nominal set 

$$\mathbb{A}^{\#} \triangleq \bigcup_{n} \{\, a_1 \ldots a_n \mid \forall i, j \in 1..n.\ a_i \in \mathbb{A} \wedge (j \neq i \implies a_j \neq a_i) \,\} , \qquad (2.3)$$

that is, the set of finite lists of distinct atoms. Such lists we denote by $\vec{a}, \vec{b}, \vec{c}$ and 
variants. 

• The fs-powerset $\mathcal{P}_{\mathrm{fs}}(\mathbb{A})$ is the set of finite and cofinite sets of atoms, and has $\mathcal{P}_{\mathrm{fin}}(\mathbb{A})$ as 
a nominal subset (the set of finite sets of atoms). 

For $X$ and $Y$ nominal sets, a relation $\mathcal{R} \subseteq X \times Y$ is a nominal relation if it is a nominal 
subset of $X \times Y$. Concretely, $\mathcal{R}$ is a nominal relation iff, for any permutation $\pi$ and $(x,y) \in X \times Y$, 

$$x\,\mathcal{R}\,y \iff (\pi \cdot x)\,\mathcal{R}\,(\pi \cdot y) .$$

For example, it is easy to show that $\# \subseteq \mathbb{A} \times X$ is a nominal relation. Extending this 
reasoning to functions we obtain the notion of nominal functions. 

Definition 2.3 (The category Nom). We let Nom be the category of nominal sets 
and nominal functions, where a function $f : X \to Y$ between nominal sets is nominal if 
$f(\pi \cdot x) = \pi \cdot f(x)$ for any $\pi \in \mathrm{PERM}(\mathbb{A})$ and $x \in X$. ▲ 

For example, the support function, $S(\_) : X \to \mathcal{P}_{\mathrm{fin}}(\mathbb{A})$, is a nominal function since 

$$S(\pi \cdot x) = \pi \cdot S(x) .$$

Nom inherits rich structure from Set and is in particular a topos. More importantly, it 
contains atom-abstraction mechanisms; we will concentrate on the following. 

Definition 2.4 (Nominal abstraction). Let $X$ be a nominal set and $x \in X$. For any 
finite $S \subseteq \mathbb{A}$, we can abstract $x$ to $S$, by forming 

$$[x]_S = \{\, y \in X \mid \exists \pi.\ (\forall a \in S \cap S(x).\ \pi(a) = a) \wedge y = \pi \cdot x \,\} . \qquad ▲$$

The abstraction restricts the support of $x$ to $S \cap S(x)$ by appropriate orbiting of $x$ (note 
that $[x]_S \in \mathcal{P}_{\mathrm{fs}}(X)$). In particular, we can show the following. 

Lemma 2.5. For any $x \in X$, $S \subseteq_{\mathrm{fin}} \mathbb{A}$ and $\pi \in \mathrm{PERM}(\mathbb{A})$, 

$$\pi \cdot [x]_S = [\pi \cdot x]_{\pi \cdot S} \quad \wedge \quad S([x]_S) = S(x) \cap S . \qquad \square$$

Two particular subcases of nominal abstraction are of interest. Firstly, in case $S \subseteq S(x)$ 
the abstraction becomes 

$$[x]_S = \{\, y \in X \mid \exists \pi.\ (\forall a \in S.\ \pi(a) = a) \wedge y = \pi \cdot x \,\} . \qquad (*)$$

This is the mechanism used in [46]. Note that if $S \not\subseteq S(x)$ and $S(x) \not\subseteq S$ then $(*)$ does not yield 
$S([x]_S) = S \cap S(x)$. The other case is the simplest possible, that is, of $S$ being empty; it 
turns out that this last constructor is all we need from nominal abstractions in this paper. 
We define: 

$$[x] \triangleq \{\, y \in X \mid \exists \pi.\ y = \pi \cdot x \,\} . \qquad (2.4)$$
2.2. Strong support. Modelling local state in sets of atoms yields a notion of unordered 
state, which is inadequate for our intended semantics. Nominal game semantics is defined 
by means of nominal strategies for games that model computation. These strategies, however, 
are deterministic up to choice of fresh names, a feature which is in direct conflict with 
unordered state. For example, in unordered state the consecutive creation of two atoms 
$a, b$ is modelled by adding the set $\{a, b\}$ to the local state; on the other hand, by allowing 
strategies to play such moves we lose determinism in strategies.⁴ 

Ordered state is therefore more appropriate for our semantical purposes and so we 
restrict our attention to nominal sets with ordered presence of atoms in their elements. 
This notion is described as strong support.⁵ 

Definition 2.6. For any nominal set $X$, any $x \in X$ and any $S \subseteq \mathbb{A}$, $S$ strongly supports 
$x$ if, for any permutation $\pi$, 

$$(\forall a \in S.\ \pi(a) = a) \iff \pi \cdot x = x .$$

We say that $X$ is a strong nominal set if it is a nominal set with all its elements having 
strong support. ▲ 

Compare the last assertion above with that of definition 2.1, which employs only the left-to-right 
implication. In fact, strong support coincides with weak support when the former 
exists. 

Proposition 2.7. If $X$ is a nominal set and $x \in X$ has strong support $S$ then $S = S(x)$. 

Proof: By definition, $S$ supports $x$, so $S(x) \subseteq S$. Now suppose there exists $a \in S \setminus S(x)$. 
For any fresh $b$, $(a\ b)$ fixes $S(x)$ but not $S$, so it doesn't fix $x$, a contradiction. $\square$ 

Thus, for example, the set $\{a, b\} \subseteq \mathbb{A}_i$ of the previous paragraph does not have strong 
support, since the permutation $(a\ b)$ does not fix the atoms in its support (the set $\{a, b\}$) 
but still $(a\ b) \cdot \{a, b\} = \{a, b\}$. On the other hand, $\{a, b\}$ strongly supports the list $ab$. In 
fact, all lists of (distinct) atoms have strong support and therefore $\mathbb{A}^{\#}$ is a strong nominal 
set (but $\mathcal{P}_{\mathrm{fin}}(\mathbb{A})$ is not). 

The main reason for introducing strong nominal sets is the following result, which is a 
specialised version (with $S = \emptyset$) of a more general Strong Support Lemma. 

Lemma 2.8 (Strong Support Lemma). Let $X$ be a strong nominal set and let 
$x_1, x_2, y_1, y_2, z_1, z_2 \in X$. Suppose also that $S(y_i) \cap S(z_i) \subseteq S(x_i)$, for $i = 1, 2$, and that 
there exist $\pi_y, \pi_z$ such that 

$$\pi_y \cdot x_1 = \pi_z \cdot x_1 = x_2 , \qquad \pi_y \cdot y_1 = y_2 , \qquad \pi_z \cdot z_1 = z_2 .$$

Then, there exists some $\pi$ such that $\pi \cdot x_1 = x_2$, $\pi \cdot y_1 = y_2$ and $\pi \cdot z_1 = z_2$. 

Proof: Let $\Delta_i = S(z_i) \setminus S(x_i)$, $i = 1, 2$, so $\Delta_2 = \pi_z \cdot \Delta_1$, and let $\pi' = \pi_y^{-1} \circ \pi_z$. By 
assumption, $\pi' \cdot x_1 = x_1$, and therefore by strong support $\pi'(a) = a$ for all $a \in S(x_1)$. 
Take any $b \in \Delta_1$. Then $\pi'(b) \# \pi' \cdot x_1 = x_1$ and $\pi_z(b) \in \pi_z \cdot \Delta_1 = \Delta_2$, so $\pi_z(b) \# y_2$, 
so $\pi'(b) \# \pi_y^{-1} \cdot y_2 = y_1$. Hence, 

$$\forall b \in \Delta_1.\ b, \pi'(b) \# x_1, y_1 .$$

⁴ The problematic behaviour of nominal games in weak support is discussed again in remark 4.20. 
⁵ An even stricter notion of support is linear support, introduced in [31]: a nominal set $X$ is called linear 
if for each $x \in X$ there is a linear order $<_x$ of $S(x)$ such that $a <_x b \iff \pi(a) <_{\pi \cdot x} \pi(b)$. 
Now assume $\Delta_1 = \{b_1, \ldots, b_N\}$ and define $\pi_0, \ldots, \pi_N$ by recursion: 

$$\pi_0 = \mathrm{id} , \qquad \pi_{i+1} = (b_{i+1}\ \ \pi_i \cdot \pi' \cdot b_{i+1}) \circ \pi_i .$$

We claim that, for each $0 \le i \le N$ and $1 \le j \le i$, we have 

$$\pi_i \cdot \pi' \cdot b_j = b_j , \qquad \pi_i \cdot x_1 = x_1 , \qquad \pi_i \cdot y_1 = y_1 .$$

We do induction on $i$; the case of $i = 0$ is trivial. For the inductive step, if $\pi_i \cdot \pi' \cdot b_{i+1} = b_{i+1}$ 
then $\pi_{i+1} = \pi_i$, and $\pi_{i+1} \cdot \pi' \cdot b_{i+1} = \pi_i \cdot \pi' \cdot b_{i+1} = b_{i+1}$. Moreover, by IH, $\pi_{i+1} \cdot \pi' \cdot b_j = 
b_j$ for all $1 \le j \le i$, and $\pi_{i+1} \cdot x_1 = x_1$ and $\pi_{i+1} \cdot y_1 = y_1$. If $\pi_i \cdot \pi' \cdot b_{i+1} = b'_{i+1} \neq b_{i+1}$ then, 
by construction, $\pi_{i+1} \cdot \pi' \cdot b_{i+1} = b_{i+1}$. Moreover, for each $1 \le j \le i$, by IH, $\pi_{i+1} \cdot \pi' \cdot b_j = 
(b_{i+1}\ b'_{i+1}) \cdot b_j$, and the latter equals $b_j$ since $b_{i+1} \neq b_j$ implies $b'_{i+1} \neq \pi_i \cdot \pi' \cdot b_j = b_j$. 
Finally, for any $a \in S(x_1) \cup S(y_1)$, $\pi_{i+1} \cdot a = (b_{i+1}\ b'_{i+1}) \cdot \pi_i \cdot a = (b_{i+1}\ b'_{i+1}) \cdot a$, by IH, 
with $a \neq b_{i+1}$. But the latter equals $a$ since $\pi'(b_{i+1}) \neq a$ implies that $b'_{i+1} \neq \pi_i \cdot a = a$, as 
required. 

Hence, for each $1 \le j \le N$, 

$$\pi_N \cdot \pi' \cdot b_j = b_j , \qquad \pi_N \cdot x_1 = x_1 , \qquad \pi_N \cdot y_1 = y_1 .$$

Moreover, $\pi_N \cdot \pi' \cdot z_1 = z_1$, as we also have 

$$b \in S(z_1) \cap S(x_1) \implies \pi_N \cdot \pi' \cdot b = \pi_N \cdot b = b$$

(again by strong support). Thus, considering $\pi = \pi_y \circ \pi_N^{-1}$ we have: 

$$\pi \cdot x_1 = \pi_y \cdot \pi_N^{-1} \cdot x_1 = \pi_y \cdot x_1 = x_2 , \qquad \pi \cdot y_1 = \pi_y \cdot \pi_N^{-1} \cdot y_1 = \pi_y \cdot y_1 = y_2 ,$$

$$\pi \cdot z_1 = \pi_y \cdot \pi_N^{-1} \cdot \pi_N \cdot \pi' \cdot z_1 = \pi_y \cdot \pi' \cdot z_1 = \pi_y \cdot \pi_y^{-1} \cdot \pi_z \cdot z_1 = z_2 ,$$

as required. $\square$ 

A more enlightening formulation of the lemma can be given in terms of abstractions, as in 
the following table. In the context of nominal games later on, the strong support lemma 
will guarantee us that composition of abstractions of plays can be reduced to composition 
of plays. 

Strong Support Lemma. 

Let $X$ be a strong nominal set and $x_1, x_2, y_1, y_2, z_1, z_2 \in X$. Suppose also that 
$S(y_i) \cap S(z_i) \subseteq S(x_i)$, for $i = 1, 2$, and moreover that 

$$[x_1, y_1] = [x_2, y_2] , \qquad [x_1, z_1] = [x_2, z_2] .$$

Then, $[x_1, y_1, z_1] = [x_2, y_2, z_2]$. 
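The construction in the proof of Lemma 2.8 is effectively an algorithm: given $\pi_y$ and $\pi_z$ it builds $\pi_N$ step by step over $\Delta_1$ and returns $\pi = \pi_y \circ \pi_N^{-1}$. The Python code below is an added example, not part of the paper, that runs this construction on the strong nominal set $\mathbb{A}^{\#}$ of lists of distinct atoms (section 2.1), with atoms modelled as strings and finite permutations as dictionaries holding only the atoms they move. It also checks the two-sided condition of definition 2.6 against single permutations, which is enough to see why the unordered set $\{a, b\}$ fails it under $(a\ b)$ while the list $ab$ does not. 

```python
# Finite atom-permutations, support and the Strong Support Lemma construction
# (Lemma 2.8) on the strong nominal set A^# of lists of distinct atoms.
# Added example, not from the paper. Atoms are Python strings; a finite
# permutation is a dict holding only the atoms it moves, {a: pi(a)}.

def apply(p, a):
    """pi(a); atoms outside the dict are fixed."""
    return p.get(a, a)

def compose(p, q):
    """(p o q)(a) = p(q(a)), pruned back to the atoms it moves."""
    r = {a: apply(p, apply(q, a)) for a in set(p) | set(q)}
    return {a: b for a, b in r.items() if a != b}

def inverse(p):
    return {b: a for a, b in p.items()}

def swap(a, b):
    """The transposition (a b); the identity when a = b."""
    return {} if a == b else {a: b, b: a}

def act(p, xs):
    """Permutation action on a list of distinct atoms: elementwise."""
    return tuple(apply(p, a) for a in xs)

def support(xs):
    """S(xs) for a list of distinct atoms is the set of its atoms."""
    return set(xs)

def fixes_pointwise(p, atoms):
    return all(apply(p, a) == a for a in atoms)

def strong_support_holds(p, xs):
    """Definition 2.6 tested against one permutation p:
    (forall a in S(xs). p(a) = a)  <=>  p . xs = xs.  Always True for lists."""
    return fixes_pointwise(p, support(xs)) == (act(p, xs) == xs)

def strong_support_holds_for_set(p, s):
    """Same test for a finite set of atoms (P_fin(A)); fails for (a b) on {a, b}."""
    return fixes_pointwise(p, s) == ({apply(p, a) for a in s} == s)

def strong_support_perm(x1, y1, z1, py, pz):
    """The proof of Lemma 2.8 as an algorithm. Given pi_y . x1 = pi_z . x1 and
    S(y_i) & S(z_i) <= S(x_i) for i = 1, 2, return one pi with
    pi . x1 = pi_y . x1,  pi . y1 = pi_y . y1,  pi . z1 = pi_z . z1."""
    x2, y2, z2 = act(py, x1), act(py, y1), act(pz, z1)
    assert act(pz, x1) == x2, "pi_y and pi_z must agree on x1"
    assert support(y1) & support(z1) <= support(x1), "S(y1) & S(z1) <= S(x1)"
    assert support(y2) & support(z2) <= support(x2), "S(y2) & S(z2) <= S(x2)"
    pp = compose(inverse(py), pz)        # pi' = pi_y^{-1} o pi_z; fixes x1, so all of S(x1)
    delta = [b for b in z1 if b not in support(x1)]   # Delta_1 = S(z1) \ S(x1)
    pn = {}                              # pi_0 = id
    for b in delta:                      # pi_{i+1} = (b  pi_i . pi' . b) o pi_i
        pn = compose(swap(b, apply(pn, apply(pp, b))), pn)
    # the claim of the proof: pi_N o pi' fixes S(z1) pointwise, pi_N fixes x1 and y1
    assert act(compose(pn, pp), z1) == z1
    assert act(pn, x1) == x1 and act(pn, y1) == y1
    return compose(py, inverse(pn))      # pi = pi_y o pi_N^{-1}

def demo():
    """x1 = a, y1 = ab, z1 = ac with pi_y = (b c), pi_z = (c d): both fix x1,
    but neither alone maps y1 to y2 = ac and z1 to z2 = ad. The lemma's pi does."""
    x1, y1, z1 = ('a',), ('a', 'b'), ('a', 'c')
    pi = strong_support_perm(x1, y1, z1, swap('b', 'c'), swap('c', 'd'))
    return act(pi, x1), act(pi, y1), act(pi, z1)

if __name__ == "__main__":
    print(demo())                                                    # (('a',), ('a', 'c'), ('a', 'd'))
    print(strong_support_holds(swap('a', 'b'), ('a', 'b')))          # True
    print(strong_support_holds_for_set(swap('a', 'b'), {'a', 'b'}))  # False
```

The intermediate assertions inside `strong_support_perm` are exactly the claim proved by induction in the text; they hold because, for lists, "fixes the element" and "fixes every atom of its support" coincide, which is the strong-support property the lemma relies on. 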



3. The language 

The language we examine, the νρ-calculus, is a call-by-value λ-calculus with nominal general 
references. It constitutes an extension of the ν-calculus [36] and Reduced ML [chapter 
5] in which names are used for general references. It is essentially the same calculus as that of [23], 
that is, the mkvar-free fragment of the language of [3] extended with reference-equality tests 
and names. 
Figure 1: Typing rules. 

$$\vec{a} \,|\, \Gamma \vdash \mathtt{skip} : 1 \qquad \vec{a} \,|\, \Gamma \vdash n : \mathbb{N} \qquad \vec{a} \,|\, \Gamma, x{:}A \vdash x : A$$

$$\frac{\vec{a} \,|\, \Gamma \vdash M : A \quad \vec{a} \,|\, \Gamma \vdash N : B}{\vec{a} \,|\, \Gamma \vdash (M, N) : A \times B} \qquad \frac{\vec{a} \,|\, \Gamma \vdash M : A \times B}{\vec{a} \,|\, \Gamma \vdash \mathtt{fst}\, M : A} \qquad \frac{\vec{a} \,|\, \Gamma \vdash M : A \times B}{\vec{a} \,|\, \Gamma \vdash \mathtt{snd}\, M : B}$$

$$\frac{\vec{a} \,|\, \Gamma \vdash M : \mathbb{N} \quad \vec{a} \,|\, \Gamma \vdash N_i : A \ (i = 1, 2)}{\vec{a} \,|\, \Gamma \vdash \mathtt{if}\ M\ \mathtt{then}\ N_1\ \mathtt{else}\ N_2 : A} \qquad \frac{\vec{a} \,|\, \Gamma \vdash M : \mathbb{N}}{\vec{a} \,|\, \Gamma \vdash \mathtt{pred}\, M : \mathbb{N}} \qquad \frac{\vec{a} \,|\, \Gamma \vdash M : \mathbb{N}}{\vec{a} \,|\, \Gamma \vdash \mathtt{succ}\, M : \mathbb{N}}$$

$$\frac{\vec{a} \,|\, \Gamma \vdash M : A \to B \quad \vec{a} \,|\, \Gamma \vdash N : A}{\vec{a} \,|\, \Gamma \vdash MN : B} \qquad \frac{\vec{a} \,|\, \Gamma, x{:}A \vdash M : B}{\vec{a} \,|\, \Gamma \vdash \lambda x.M : A \to B}$$

$$\frac{a \in \vec{a}}{\vec{a} \,|\, \Gamma \vdash a : [A]}\ (a \in \mathbb{A}_A) \qquad \frac{\vec{a}\, a \,|\, \Gamma \vdash M : B}{\vec{a} \,|\, \Gamma \vdash \nu a.M : B}\ (a \in \mathbb{A}_A)$$

$$\frac{\vec{a} \,|\, \Gamma \vdash M : [A] \quad \vec{a} \,|\, \Gamma \vdash N : [A]}{\vec{a} \,|\, \Gamma \vdash [M = N] : \mathbb{N}} \qquad \frac{\vec{a} \,|\, \Gamma \vdash M : [A] \quad \vec{a} \,|\, \Gamma \vdash N : A}{\vec{a} \,|\, \Gamma \vdash M := N : 1} \qquad \frac{\vec{a} \,|\, \Gamma \vdash M : [A]}{\vec{a} \,|\, \Gamma \vdash\, !M : A}$$

3.1. Definitions. The syntax of the language is built inside Nom. In particular, we assume 
there is a set of names (atoms) $\mathbb{A}_A \in (\mathbb{A}_i)_{i \in \omega}$ for each type $A$ in the language. Types include 
types for commands, naturals and references, product types and arrow types. 

Definition 3.1. The νρ-calculus is a typed functional language of nominal references. Its 
types, terms and values are given as follows. 

$$\mathsf{TY} \ni A, B ::= 1 \mid \mathbb{N} \mid [A] \mid A \to B \mid A \times B$$

$\mathsf{TE} \ni M, N ::=$ 
    $x \mid \lambda x.M \mid MN \mid (M, N) \mid \mathtt{fst}\, M \mid \mathtt{snd}\, N$    (λ-calculus) 
    $\mid n \mid \mathtt{pred}\, M \mid \mathtt{succ}\, N$    (arithmetic) 
    $\mid \mathtt{skip} \mid \mathtt{if}\ M\ \mathtt{then}\ N_1\ \mathtt{else}\ N_2$    (return / if_then_else) 
    $\mid a$    (reference to type $A$, $a \in \mathbb{A}_A$) 
    $\mid [M = N]$    (name-equality test) 
    $\mid \nu a.M$    (ν-abstraction) 
    $\mid M := N$    (update) 
    $\mid\, !M$    (dereferencing) 

$$\mathsf{VA} \ni V, W ::= n \mid \mathtt{skip} \mid a \mid x \mid \lambda x.M \mid (V, W)$$

The typing system involves terms in environments $\vec{a} \,|\, \Gamma$, where $\vec{a}$ is a list of (distinct) names 
and $\Gamma$ a finite set of variable-type pairs. Typing rules are given in figure 1. ▲ 

The ν-constructor is a name-binder: an occurrence of a name $a$ inside a term $M$ is bound 
if it is in the scope of some $\nu a$. We follow the standard convention of equating terms up to 
α-equivalence, the latter defined with respect to both variable- and name-binding. 

Note that TE and VA are strong nominal sets: each name $a$ of type $A$ is taken from 
$\mathbb{A}_A$ and all terms contain finitely many atoms, be they free or bound, which form their 
support. Note also the notion of ordered state that is imposed by use of name-lists (instead 
of name-sets) in type-environments. In fact, we could have used unordered state at the level 
of syntax (and operational semantics) of νρ, and ordered state at the level of denotational 
semantics. This already happens with contexts: a context $\Gamma$ is a set of premises, but $\llbracket \Gamma \rrbracket$ is 
an (ordered) product of type-translations. Nevertheless, we think that ordered state does 
not add much complication while it saves us from some informality. 

The operational semantics of the calculus involves computation in some store environment 
where created names have their values stored. Formally, we define store environments 
$S$ to be lists of the form: 

$$S ::= \epsilon \mid a, S \mid a :: V, S . \qquad (3.1)$$

Observe that the store may include names that have been created but remain as yet unassigned 
a value. For each store environment $S$ we define its domain to be the name-list given 
by: 

$$\mathrm{dom}(\epsilon) = \epsilon , \qquad \mathrm{dom}(a, S) = a, \mathrm{dom}(S) , \qquad \mathrm{dom}(a :: V, S) = a, \mathrm{dom}(S) . \qquad (3.2)$$

We only consider environments whose domains are lists of distinct names. We write 
$S \models_{\Gamma, A} M$, or simply $S \models M$, only if $\mathrm{dom}(S) \,|\, \Gamma \vdash M : A$ is valid (i.e., derivable). 

Definition 3.2. The operational semantics is given in terms of a small-step reduction, the 
rules of which are given in figure 2. Evaluation contexts $E[\_]$ are of the form: 

$$[\_ = N] ,\ [a = \_] ,\ !\_ ,\ \_ := N ,\ a := \_ ,\ \mathtt{if}\ \_\ \mathtt{then}\ N_1\ \mathtt{else}\ N_2 ,$$
$$(\lambda x.N)\_ ,\ \_\, N ,\ \mathtt{fst}\, \_ ,\ \mathtt{snd}\, \_ ,\ \mathtt{pred}\, \_ ,\ \mathtt{succ}\, \_ ,\ (\_, N) ,\ (V, \_) . \qquad ▲$$

Figure 2: Reduction rules. 

$$\begin{array}{ll}
\text{NEW} & S \models \nu a.M \to S, a \models M \quad (a \# S) \\
\text{SUC} & S \models \mathtt{succ}\, n \to S \models n{+}1 \\
\text{EQ} & S \models [a = b] \to S \models n \quad (n = 0 \text{ if } a = b,\ n = 1 \text{ if } a \neq b) \\
\text{PRD} & S \models \mathtt{pred}\,(n{+}1) \to S \models n \qquad S \models \mathtt{pred}\, 0 \to S \models 0 \\
\text{IF0} & S \models \mathtt{if}\ n\ \mathtt{then}\ N_1\ \mathtt{else}\ N_2 \to S \models N_i \quad (i = 1 \text{ if } n = 0,\ i = 2 \text{ if } n > 0) \\
\text{UPD} & S, a(:: W), S' \models a := V \to S, a :: V, S' \models \mathtt{skip} \\
\text{FST} & S \models \mathtt{fst}\,(V, W) \to S \models V \\
\text{SND} & S \models \mathtt{snd}\,(V, W) \to S \models W \\
\text{DRF} & S, a :: V, S' \models\, !a \to S, a :: V, S' \models V \\
\text{LAM} & S \models (\lambda x.M)V \to S \models M\{V/x\} \\
\text{CTX} & \dfrac{S \models M \to S' \models M'}{S \models E[M] \to S' \models E[M']}
\end{array}$$

We can see that νρ is not strongly normalising with the following example. Recall the 
standard CBV encoding of sequencing: 

$$M ; N = (\lambda z.N) M \qquad (3.3)$$

with $z$ not free in $N$. 

Example 3.3. For each type $A$, take 

$$\mathtt{stop}_A = \nu b.(b := \lambda x.(!b)\mathtt{skip}) ; (!b)\mathtt{skip}$$

with $b \in \mathbb{A}_{1 \to A}$. We can see that $\mathtt{stop}_A$ diverges, since: 

$$\models \mathtt{stop}_A \twoheadrightarrow b :: \lambda x.(!b)\mathtt{skip} \models (!b)\mathtt{skip} \to b :: \lambda x.(!b)\mathtt{skip} \models (\lambda x.(!b)\mathtt{skip})\mathtt{skip}$$
$$\to b :: \lambda x.(!b)\mathtt{skip} \models (!b)\mathtt{skip} . \qquad \square$$

The great expressive power of general references is seen in the fact that we can encode the 
Y combinator. The following example is adapted from [3]. 

Example 3.4. Taking $a \in \mathbb{A}_{A \to A}$, define: 

$$Y_A = \lambda f.\nu a.(a := \lambda x.f(!a)x) ; !a .$$

$Y_A$ has type $((A \to A) \to A \to A) \to A \to A$ and, for any relevant term $M$ and value $V$, 
we have 

$$\models (Y_A(\lambda y.M))V \twoheadrightarrow a :: \lambda x.(\lambda y.M)(!a)x \models (!a)V$$
$$\to a :: \lambda x.(\lambda y.M)(!a)x \models (\lambda x.(\lambda y.M)(!a)x)V$$
$$\to a :: \lambda x.(\lambda y.M)(!a)x \models (\lambda y.M)(!a)V ,$$

and also $\models (\lambda y.M)(Y_A(\lambda y.M))V \twoheadrightarrow a :: \lambda x.(\lambda y.M)(!a)x \models (\lambda y.M)(!a)V$. 
For example, setting 

$$\mathtt{addrec}_\chi = \lambda x.\ \mathtt{if}\ \mathtt{snd}\, x\ \mathtt{then}\ x\ \mathtt{else}\ \chi(\mathtt{succ}\, \mathtt{fst}\, x, \mathtt{pred}\, \mathtt{snd}\, x) ,$$
$$\mathtt{add} = Y(\lambda h.\mathtt{addrec}_h) , \qquad S = a :: \lambda x.(\lambda h.\mathtt{addrec}_h)(!a)x ,$$

where $\chi$ is a metavariable of relevant type, we have that, for any $n, m \in \mathbb{N}$, 

$$\models \mathtt{add}(n, m) \twoheadrightarrow S \models (\lambda h.\mathtt{addrec}_h)(!a)(n, m) \twoheadrightarrow S \models \mathtt{addrec}_{S(a)}(n, m)$$
$$\twoheadrightarrow S \models \mathtt{if}\ m\ \mathtt{then}\ (n, m)\ \mathtt{else}\ S(a)(\mathtt{succ}\, \mathtt{fst}\,(n, m), \mathtt{pred}\, \mathtt{snd}\,(n, m))$$
$$\twoheadrightarrow S \models S(a)(n{+}1, m{-}1) \to S \models (\lambda h.\mathtt{addrec}_h)(!a)(n{+}1, m{-}1)$$
$$\cdots \twoheadrightarrow S \models (\lambda h.\mathtt{addrec}_h)(!a)(n{+}m, 0) \twoheadrightarrow S \models (n{+}m, 0) . \qquad \square$$
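Examples 3.3 and 3.4 are easiest to believe when run. The following Python evaluator is an added example, not part of the paper: it implements the call-by-value rules of Figure 2 over a store of created names, encodes terms as tuples, and replays $\mathtt{stop}_A$, $Y_A$ and $\mathtt{add}$. Two representation choices are assumptions of the example rather than the calculus: closures stand in for the substitution $M\{V/x\}$ of rule LAM, and fresh atoms for rule NEW are drawn from a counter (the semantics itself never compares names by order, only by equality). The `diverges` helper bounds the number of LAM steps so that the non-termination of $\mathtt{stop}_A$ is observable. 

```python
# Added example, not from the paper: a small call-by-value evaluator for the
# nu-rho-calculus of Definition 3.1 with the store of Figure 2, used to replay
# examples 3.3 and 3.4. Terms are Python tuples; closures stand in for the
# substitution M{V/x} of rule LAM; fresh atoms come from a counter.
import itertools

_atoms = itertools.count()

class OutOfFuel(Exception):
    """Raised when the bound on LAM steps is exhausted, i.e. the term diverged."""

class Fuel:
    def __init__(self, n): self.n = n
    def burn(self):
        if self.n == 0: raise OutOfFuel()
        self.n -= 1

def ev(t, env, store, fuel):
    """Evaluate t under env (variables and nu-bound names -> values) and store
    (atom -> value, or None for a created but unassigned name, cf. (3.1))."""
    tag = t[0]
    if tag in ('num', 'skip'): return t
    if tag == 'name': return env.get(t[1], t)      # bound names were renamed at nu
    if tag == 'var': return env[t[1]]
    if tag == 'lam': return ('clo', t[1], t[2], env)
    if tag == 'pair':                              # context (_, N) before (V, _)
        v = ev(t[1], env, store, fuel)
        return ('pair', v, ev(t[2], env, store, fuel))
    if tag == 'fst': return ev(t[1], env, store, fuel)[1]
    if tag == 'snd': return ev(t[1], env, store, fuel)[2]
    if tag == 'succ': return ('num', ev(t[1], env, store, fuel)[1] + 1)
    if tag == 'pred': return ('num', max(0, ev(t[1], env, store, fuel)[1] - 1))  # PRD
    if tag == 'if':                                # IF0: first branch iff the test is 0
        n = ev(t[1], env, store, fuel)[1]
        return ev(t[2] if n == 0 else t[3], env, store, fuel)
    if tag == 'eq':                                # EQ: 0 if the atoms coincide, else 1
        a = ev(t[1], env, store, fuel)
        b = ev(t[2], env, store, fuel)
        return ('num', 0 if a == b else 1)
    if tag == 'nu':                                # NEW: pick a # S, extend the store
        atom = f"{t[1]}{next(_atoms)}"
        store[atom] = None
        return ev(t[2], {**env, t[1]: ('name', atom)}, store, fuel)
    if tag == 'set':                               # UPD: result is skip
        atom = ev(t[1], env, store, fuel)[1]
        store[atom] = ev(t[2], env, store, fuel)
        return ('skip',)
    if tag == 'get':                               # DRF: stuck on an unassigned name
        atom = ev(t[1], env, store, fuel)[1]
        if store[atom] is None:
            raise RuntimeError(f"dereferencing unassigned name {atom}")
        return store[atom]
    if tag == 'app':                               # contexts _ N, then (lambda x.N) _
        f = ev(t[1], env, store, fuel)
        arg = ev(t[2], env, store, fuel)
        fuel.burn()                                # LAM
        _, x, body, cenv = f
        return ev(body, {**cenv, x: arg}, store, fuel)
    raise ValueError(f"unknown term {t!r}")

def app(f, *args):
    for a in args:
        f = ('app', f, a)
    return f

def seq(m, n):
    """M;N = (lambda z.N)M with z not free in N, (3.3)."""
    return ('app', ('lam', '_z', n), m)

def run(t, fuel=10_000):
    return ev(t, {}, {}, Fuel(fuel))

# stop_A = nu b.(b := lambda x.(!b)skip); (!b)skip                  (example 3.3)
STOP = ('nu', 'b', seq(('set', ('name', 'b'), ('lam', 'x', app(('get', ('name', 'b')), ('skip',)))),
                       app(('get', ('name', 'b')), ('skip',))))

# Y_A = lambda f.nu a.(a := lambda x.f(!a)x); !a                      (example 3.4)
Y = ('lam', 'f', ('nu', 'a', seq(('set', ('name', 'a'),
                                  ('lam', 'x', app(('var', 'f'), ('get', ('name', 'a')), ('var', 'x')))),
                                 ('get', ('name', 'a')))))

def addrec(h):
    """addrec_h = lambda x. if snd x then x else h(succ fst x, pred snd x)."""
    x = ('var', 'x')
    return ('lam', 'x', ('if', ('snd', x), x,
                         app(h, ('pair', ('succ', ('fst', x)), ('pred', ('snd', x))))))

ADD = app(Y, ('lam', 'h', addrec(('var', 'h'))))

def add(n, m):
    """add(n, m) reduces to the pair (n+m, 0); returned as Python ints."""
    v = run(app(ADD, ('pair', ('num', n), ('num', m))))
    return (v[1][1], v[2][1])

def diverges(t, fuel=200):
    """True if t does not finish within fuel LAM steps (stop_A never does)."""
    try:
        run(t, fuel)
        return False
    except OutOfFuel:
        return True

def name_test():
    """nu a.nu b.[a = b] and nu a.[a = a]: equality is on atoms, giving 1 and 0."""
    diff = run(('nu', 'a', ('nu', 'b', ('eq', ('name', 'a'), ('name', 'b')))))
    same = run(('nu', 'a', ('eq', ('name', 'a'), ('name', 'a'))))
    return (diff[1], same[1])

if __name__ == "__main__":
    print(add(2, 3), diverges(STOP), name_test())   # (5, 0) True (1, 0)
```

Note that `Y` allocates its name once per application to `f`, exactly as the store $S$ in example 3.4 contains a single $a$ for the whole run of $\mathtt{add}$; the recursion goes through the store (`get` on $a$) rather than through the syntax. 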

The notions of observational approximation and observational equivalence are built 
around the observable type $\mathbb{N}$. Two terms are equivalent if, whenever they are put inside 
a variable- and name-closing context of resulting type $\mathbb{N}$, called a program context, they 
reduce to the same natural number. The formal definition follows; note that we usually 
omit $\vec{a}$ and $\Gamma$ and write simply $M \lesssim N$. 

Definition 3.5. For typed terms $\vec{a} \,|\, \Gamma \vdash M : A$ and $\vec{a} \,|\, \Gamma \vdash N : A$, define 

$$\vec{a} \,|\, \Gamma \vdash M \lesssim N \iff \forall C.\ (\exists S'.\ \models C[M] \twoheadrightarrow S' \models 0) \implies (\exists S''.\ \models C[N] \twoheadrightarrow S'' \models 0)$$

where $C$ is a program context. Moreover, $\simeq\ =\ \lesssim \cap \gtrsim$. ▲ 
3.2. Categorical semantics. We now examine sufficient conditions for a fully abstract 
semantics of νρ in an abstract categorical setting. Our aim is to construct fully abstract 
models in an appropriate categorical setting, pinpointing the parts of structure needed for 
such a task. In section 5 we will apply this knowledge in constructing a concrete such model 
in nominal games. 

Translating each term $M$ into a semantical entity $\llbracket M \rrbracket$ and assuming a preorder "$\le$" 
in the semantics, full abstraction amounts to the assertion: 

$$M \lesssim N \iff \llbracket M \rrbracket \le \llbracket N \rrbracket \qquad \text{(FA)}$$

Note that this formulation is weaker than equational full abstraction, which is given by: 

$$M \simeq N \iff \llbracket M \rrbracket = \llbracket N \rrbracket . \qquad \text{(EFA)}$$

Nevertheless, once we achieve (FA) we can construct an extensional model, via a quotienting 
construction, for which (EFA) holds. Being a quotiented structure, the extensional 
model does not have an explicit, simple description, and for this reason we prefer working 
with the intensional model (i.e., the unquotiented one). Of course, an intensional model 
satisfying (EFA) would be preferred but this cannot be achieved in our nominal games. 
Therefore, our categorical models will be guided by the (FA) formulation. 



3.2.1. Monads and comonads. The abstract categorical semantics we put forward is based 
on the notions of monads and comonads. These are standard categorical notions (v. [25]; 
monads are also known as triples) which have been used extensively in denotational semantics of programming 
languages. We present here some basic definitions and properties. 



Monads. Monads were introduced in denotational semantics through the work of Moggi [29, 30] 
as a generic tool for encapsulating computational effects. Wadler [49] popularised monads 
in programming as a means of simulating effects in functional programs, and nowadays 
monads form part and parcel of the Haskell programming language [18]. 

Definition 3.6. A strong monad over a category $\mathcal{C}$ with finite products is a quadruple $(T,\eta,\mu,\tau)$, where $T$ is an endofunctor in $\mathcal{C}$ and $\eta : \mathrm{Id}_{\mathcal{C}} \to T$, $\mu : T^2 \to T$ and $\tau : \_ \times T\_ \to T(\_ \times \_)$ are natural transformations such that the following diagrams commute; written as equations, for all objects $A,B,C$:

$$ \tau_{1,A} ; T\pi_2 \;=\; \pi_2 \;:\; 1 \times TA \to TA $$
$$ (\mathrm{id}_A \times \eta_B) ; \tau_{A,B} \;=\; \eta_{A \times B} \;:\; A \times B \to T(A \times B) $$
$$ \alpha_{A,B,TC} ; (\mathrm{id}_A \times \tau_{B,C}) ; \tau_{A,B \times C} \;=\; \tau_{A \times B,C} ; T\alpha_{A,B,C} \;:\; (A \times B) \times TC \to T(A \times (B \times C)) $$
$$ \tau_{A,TB} ; T\tau_{A,B} ; \mu_{A \times B} \;=\; (\mathrm{id}_A \times \mu_B) ; \tau_{A,B} \;:\; A \times T^2 B \to T(A \times B) $$

where $\alpha$ is the associativity isomorphism of the product.

We say that $\mathcal{C}$ has $T$-exponentials if, for every pair $B,C$ of objects, there exists an object $TC^B$ such that for any object $A$ there exists a bijection

$$ \Lambda^T_{A,B,C} : \mathcal{C}(A \times B, TC) \;\cong\; \mathcal{C}(A, TC^B) $$

natural in $A$. ▲
Given a strong monad $(T,\eta,\mu,\tau)$, we can define the following transformations, where $\cong$ denotes the symmetry of the product.

$$ \tau'_{A,B} \;\triangleq\; TA \times B \xrightarrow{\;\cong\;} B \times TA \xrightarrow{\;\tau_{B,A}\;} T(B \times A) \xrightarrow{\;T(\cong)\;} T(A \times B) \,, $$
$$ \psi_{A,B} \;\triangleq\; TA \times TB \xrightarrow{\;\tau'_{A,TB}\;} T(A \times TB) \xrightarrow{\;T\tau_{A,B}\;} T^2(A \times B) \xrightarrow{\;\mu_{A \times B}\;} T(A \times B) \,, $$
$$ \psi'_{A,B} \;\triangleq\; TA \times TB \xrightarrow{\;\tau_{TA,B}\;} T(TA \times B) \xrightarrow{\;T\tau'_{A,B}\;} T^2(A \times B) \xrightarrow{\;\mu_{A \times B}\;} T(A \times B) \,. \qquad (3.4) $$



Moreover, $T$-exponentials supply us with $T$-evaluation arrows, that is,

$$ \mathrm{ev}^T_{B,C} : TC^B \times B \to TC \;\triangleq\; \Lambda^{T^{-1}}(\mathrm{id}_{TC^B}) \qquad (3.5) $$

so that, for each $f : A \times B \to TC$,

$$ f \;=\; (\Lambda^T(f) \times \mathrm{id}_B) ; \mathrm{ev}^T_{B,C} \,. $$

In fact, $T$-exponentiation upgrades to a functor $(T\_)^{\_} : \mathcal{C}^{op} \times \mathcal{C} \to \mathcal{C}$ which takes each $f : A' \to A$ and $g : B' \to B$ to

$$ Tg^f : TB'^{A} \to TB^{A'} \;\triangleq\; \Lambda^T\big(\, TB'^{A} \times A' \xrightarrow{\;\mathrm{id} \times f\;} TB'^{A} \times A \xrightarrow{\;\mathrm{ev}^T\;} TB' \xrightarrow{\;Tg\;} TB \,\big) \qquad (3.6) $$



Naturality of $\Lambda^T_{A,B,C}$ in $A$ implies its naturality in $B,C$ too, by use of the above construct.

Comonads. Comonads are the dual notion of monads. They were first used in denotational semantics by Brookes and Geva [S] for modelling programs intensionally, that is, as mechanisms which receive external computation data and decide on an output. Monadic-comonadic approaches were examined by Brookes and van Stone [10].

Definition 3.7. A comonad on a category $\mathcal{C}$ is a triple $(Q,\varepsilon,\delta)$, where $Q$ is an endofunctor in $\mathcal{C}$ and $\varepsilon : Q \to \mathrm{Id}_{\mathcal{C}}$, $\delta : Q \to Q^2$ are natural transformations such that the following diagrams commute; written as equations, for every object $A$:

$$ \delta_A ; \delta_{QA} \;=\; \delta_A ; Q\delta_A \;:\; QA \to Q^3 A \,, \qquad \delta_A ; \varepsilon_{QA} \;=\; \mathrm{id}_{QA} \;=\; \delta_A ; Q\varepsilon_A \,. $$

Now assume $\mathcal{C}$ has binary products. We define a transformation $\zeta : Q(\_ \times \_) \to \_ \times Q(\_)$,

$$ \zeta_{A,B} \;=\; Q(A \times B) \xrightarrow{\;\langle Q\pi_1, Q\pi_2 \rangle\;} QA \times QB \xrightarrow{\;\varepsilon_A \times \mathrm{id}\;} A \times QB \,. $$

$Q$ is called a product comonad if $\zeta$ is a natural isomorphism, and is written $(Q,\varepsilon,\delta,\bar\zeta)$, where $\bar\zeta$ is the inverse of $\zeta$.

It is easy to see that the transformation $\zeta$ makes the relevant (dualised) diagrams of definition 3.6 commute, even without stipulating the existence of the inverse. Note that we write $\zeta'$, $\bar\zeta'$ for the symmetric counterparts of $\zeta$, $\bar\zeta$ (so $\zeta'_{A,B} : Q(A \times B) \to QA \times B$).

Product comonads are a stronger version of "strong comonads" of [10]. A product comonad $Q$ can be written as:

$$ Q\_ \;\cong\; Q1 \times \_ $$

hence the name.¹ We say that $Q1$ is the basis of the comonad.

¹Note this is an isomorphism between comonads, not merely between functors.
Monadic-comonadic setting. In the presence of both a strong monad $(T,\eta,\mu,\tau)$ and a product comonad $(Q,\varepsilon,\delta,\bar\zeta)$ in a cartesian category $\mathcal{C}$, one may want to solely consider arrows from some initial computation data (i.e., some initial state) of type $A$ to some computation of type $B$, that is, arrows of type:

$$ QA \to TB $$

This amounts to applying the biKleisli construction on $\mathcal{C}$, that is, defining the category $\mathcal{C}^T_Q$ with the same objects as $\mathcal{C}$, and arrows

$$ \mathcal{C}^T_Q(A,B) \;\triangleq\; \mathcal{C}(QA,TB) \,. $$

For arrow composition to work in the biKleisli category, we need a distributive law between $Q$ and $T$, that is, a natural transformation $\ell : QT \to TQ$ making the following diagrams commute.

Written as equations, for every object $A$:

$$ \ell_{TA} ; T\ell_A ; \mu_{QA} \;=\; Q\mu_A ; \ell_A \;:\; QT^2 A \to TQA \,, \qquad \delta_{TA} ; Q\ell_A ; \ell_{QA} \;=\; \ell_A ; T\delta_A \;:\; QTA \to TQ^2 A \,. $$

In this case, composition of $f : QA \to TB$ and $g : QB \to TC$ is performed as:

$$ QA \xrightarrow{\;\delta_A\;} Q^2 A \xrightarrow{\;Qf\;} QTB \xrightarrow{\;\ell_B\;} TQB \xrightarrow{\;Tg\;} T^2 C \xrightarrow{\;\mu_C\;} TC $$

Since we are examining a monadic-comonadic setting for strong monad $T$ and product comonad $Q$, a distributive law amounts to a natural transformation

$$ \ell : Q1 \times T\_ \to T(Q1 \times \_) \,, $$

which is therefore given for free: take $\ell = \tau_{Q1,\_}$. The distributivity equations follow straightforwardly from the monadic equations.
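The following derivation is added here (it is not part of the original text) to spell out the last claim: with $\ell = \tau_{Q1,\_}$, the two distributivity equations reduce to the strength equations of definition 3.6. It assumes the canonical comonad structure on $Q1 \times \_$, namely $\varepsilon_A = \pi_2$ and $\delta_A = \langle \pi_1, \mathrm{id} \rangle$; the comultiplication law also uses naturality of $\tau$ in its first argument.

```latex
% Write W for the basis Q1, so QA = W x A, eps_A = pi_2, delta_A = <pi_1, id>, and l_A = tau_{W,A}.
\text{Multiplication law:}\quad
\ell_{TA} ; T\ell_A ; \mu_{QA}
 = \tau_{W,TA} ; T\tau_{W,A} ; \mu_{W \times A}
 = (\mathrm{id}_W \times \mu_A) ; \tau_{W,A}
 = Q\mu_A ; \ell_A
\qquad\text{(fourth equation of definition 3.6).}
\\[1ex]
\text{Comultiplication law. Let } \Delta = \langle \mathrm{id}, \mathrm{id} \rangle : W \to W \times W
\text{ and } \alpha : (W \times W) \times X \to W \times (W \times X),
\text{ so that } \delta_X = (\Delta \times \mathrm{id}_X) ; \alpha .
\\
\begin{aligned}
\delta_{TA} ; Q\ell_A ; \ell_{QA}
 &= (\Delta \times \mathrm{id}) ; \alpha_{W,W,TA} ; (\mathrm{id}_W \times \tau_{W,A}) ; \tau_{W,\,W \times A} \\
 &= (\Delta \times \mathrm{id}) ; \tau_{W \times W,\,A} ; T\alpha_{W,W,A}
   &&\text{(third equation of definition 3.6)} \\
 &= \tau_{W,A} ; T(\Delta \times \mathrm{id}) ; T\alpha_{W,W,A}
   &&\text{(naturality of } \tau \text{ in its first argument)} \\
 &= \tau_{W,A} ; T\delta_A \;=\; \ell_A ; T\delta_A .
\end{aligned}
```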



Exponentials and the intrinsic preorder. The notion of $T$-exponentials can be generalised to the monadic-comonadic setting as follows.

Definition 3.8. Let $\mathcal{C}$ be a category with finite products and let $(T,\eta,\mu,\tau)$, $(Q,\varepsilon,\delta)$ be a strong monad and comonad, respectively, on $\mathcal{C}$. We say that $\mathcal{C}$ has $(Q,T)$-exponentials if, for each pair $B,C$ of objects in $\mathcal{C}$ there exists an object $(Q,T)C^B$ such that, for each object $A$, there exists a bijection

$$ \phi_{A,B,C} : \mathcal{C}(Q(A \times B), TC) \;\cong\; \mathcal{C}(QA, (Q,T)C^B) $$

natural in $A$. ▲

Assume now we are in a monadic-comonadic setting $(\mathcal{C},Q,T)$ with $T$ a strong monad with $T$-exponentials and $Q$ a product comonad. $(Q,T)$-exponentials then come for free.

Proposition 3.9. In the setting of the previous definition, if $T$ is a strong monad with exponentials and $Q$ is a product comonad then $\mathcal{C}$ has $(Q,T)$-exponentials defined by:

$$ (Q,T)C^B \;=\; TC^B \,, \qquad \phi(f) \;\triangleq\; \Lambda^T\big(\, QA \times B \xrightarrow{\;\bar\zeta'\;} Q(A \times B) \xrightarrow{\;f\;} TC \,\big) \,. $$

$\phi$ is a bijection with its inverse sending each $g : QA \to TC^B$ to the arrow:

$$ Q(A \times B) \xrightarrow{\;\zeta'\;} QA \times B \xrightarrow{\;g \times \mathrm{id}_B\;} TC^B \times B \xrightarrow{\;\mathrm{ev}^T\;} TC \,. \qquad \square $$

In the same setting, we can define a notion of intrinsic preorder. Assuming an object $O$ of observables and a collection $\mathcal{O} \subseteq \mathcal{C}(1,TO)$ of observable arrows, we can have the following.

Definition 3.10. Let $\mathcal{C},Q,T,O,\mathcal{O}$ be as above. We define $\lesssim$ to be the union, over all objects $A,B$, of relations $\lesssim_{A,B} \subseteq \mathcal{C}(QA,TB)^2$ defined by:

$$ f \lesssim_{A,B} g \;\iff\; \forall p \in \mathcal{C}(Q(TB^A), TO).\ \ \Lambda^{Q,T}(f) ; p \in \mathcal{O} \implies \Lambda^{Q,T}(g) ; p \in \mathcal{O} \,, $$

where $\Lambda^{Q,T}(f) \;\triangleq\; Q1 \xrightarrow{\;\delta\;} Q(Q1) \xrightarrow{\;Q\phi(f)\;} Q(TB^A)$.

We have the following enrichment properties.

Proposition 3.11. Let $\mathcal{C},Q,T,O,\mathcal{O}$ and $\lesssim$ be as above. Then, for any $f,g : QA \to TB$ and any arrow $h$, if $f \lesssim g$ then:

• if $h : QB \to TB'$ then $\delta ; Qf ; \ell ; Th ; \mu \;\lesssim\; \delta ; Qg ; \ell ; Th ; \mu$,

• if $h : QA' \to TA$ then $\delta ; Qh ; \ell ; Tf ; \mu \;\lesssim\; \delta ; Qh ; \ell ; Tg ; \mu$,

• if $h : QA \to TC$ then $\langle f,h \rangle ; \psi \;\lesssim\; \langle g,h \rangle ; \psi$ and $\langle h,f \rangle ; \psi' \;\lesssim\; \langle h,g \rangle ; \psi'$,

• if $A = A_1 \times A_2$ then $\Lambda^T_{A_1,A_2,B}(\bar\zeta' ; f) \;\lesssim\; \Lambda^T_{A_1,A_2,B}(\bar\zeta' ; g)$. $\square$



3.2.2. Soundness. We proceed to present categorical models of the $\nu\rho$-calculus. The approach we take is a monadic and comonadic one, over a computational monad $T$ and a family of local-state comonads $Q = \{Q^{\bar a}\}_{\bar a \in \mathbb{A}^\#}$, so that the morphism related to each $\bar a \mid \Gamma \vdash M : A$ be of the form $[\![M]\!] : Q^{\bar a}[\![\Gamma]\!] \to T[\![A]\!]$. Computation in $\nu\rho$ is store-update and fresh-name creation, so $T$ is a store monad, while initial state is given by product comonads.

Definition 3.12. A $\nu\rho$-model $\mathcal{M}$ is a structure $(\mathbb{M},T,Q)$ such that:

I. $\mathbb{M}$ is a category with finite products, with $1$ being the terminal object and $A \times B$ the product of $A$ and $B$.

II. $T$ is a strong monad $(T,\eta,\mu,\tau)$ with exponentials.

III. $\mathbb{M}$ contains an appropriate natural numbers object $\mathbb{N}$ equipped with successor and predecessor arrows and $\bar n : 1 \to \mathbb{N}$, each $n \in \mathbb{N}$. Moreover, for each object $A$, there is an arrow $\mathrm{cnd}_A : \mathbb{N} \times TA \times TA \to TA$ for zero-equality tests.

IV. $Q$ is a family of product comonads $(Q^{\bar a},\varepsilon,\delta,\bar\zeta)_{\bar a \in \mathbb{A}^\#}$ on $\mathbb{M}$ such that:

(a) the basis of $Q^{\epsilon}$ is $1$, and $Q^{\bar a} = Q^{\bar a'}$ whenever $[\bar a] = [\bar a']$ (i.e., whenever $\pi \circ \bar a = \bar a'$ for some permutation $\pi$),

(b) if $S(\bar a') \subseteq S(\bar a)$ then there exists a comonad morphism $\frac{\bar a}{\bar a'} : Q^{\bar a} \to Q^{\bar a'}$ such that $\frac{\bar a}{\epsilon} = \varepsilon$, $\frac{\bar a}{\bar a} = \mathrm{id}$ and, whenever $S(\bar a') \subseteq S(\bar a'') \subseteq S(\bar a)$,

$$ \frac{\bar a}{\bar a''} ; \frac{\bar a''}{\bar a'} \;=\; \frac{\bar a}{\bar a'} \,. $$

(c) for each $\bar a a \in \mathbb{A}^\#$ there exists a natural transformation $\mathrm{nu}^{\bar a a} : Q^{\bar a} \to TQ^{\bar a a}$ such that, for each $A,B \in \mathrm{Ob}(\mathbb{M})$ and $\bar a a, \bar a' a$ with $S(\bar a a) \subseteq S(\bar a' a)$, the following diagrams commute (N2); written as equations:

$$ \tfrac{\bar a'}{\bar a} ; \mathrm{nu}^{\bar a a}_A \;=\; \mathrm{nu}^{\bar a' a}_A ; T\tfrac{\bar a' a}{\bar a a} \;:\; Q^{\bar a'} A \to TQ^{\bar a a} A \,, $$
$$ \langle \mathrm{id}, \mathrm{nu}^{\bar a a}_A \rangle ; \tau \;=\; \mathrm{nu}^{\bar a a}_A ; T\langle \tfrac{\bar a a}{\bar a}, \mathrm{id} \rangle \;:\; Q^{\bar a} A \to T(Q^{\bar a} A \times Q^{\bar a a} A) \,, $$
$$ \bar\zeta ; \mathrm{nu}^{\bar a a}_{A \times B} \;=\; (\mathrm{id}_A \times \mathrm{nu}^{\bar a a}_B) ; \tau ; T\bar\zeta \;:\; A \times Q^{\bar a} B \to TQ^{\bar a a}(A \times B) \,. $$



V. Setting $\mathbb{A}_{\bar a} \triangleq Q^{\bar a} 1$, for each $a \in \bar a$, there is a name-equality arrow $\mathrm{eq}_{\mathbb{A}} : \mathbb{A}_a \times \mathbb{A}_a \to \mathbb{N}$ such that, for any distinct $a,b \in \bar a$, the following diagram commutes.

(N1) [commutative diagram with vertices $Q^{\bar a}1$, $\mathbb{A}_a \times \mathbb{A}_a$, $Q^{ab}1$ and $1$, involving the comonad morphisms $\frac{ab}{a}$, $\frac{ab}{b}$; not recoverable from the extraction]

VI. Setting $[\![1]\!] \triangleq 1$, $[\![\mathbb{N}]\!] \triangleq \mathbb{N}$, $[\![[A]]\!] \triangleq \mathbb{A}_A$, $[\![A \to B]\!] \triangleq T[\![B]\!]^{[\![A]\!]}$, $[\![A \times B]\!] \triangleq [\![A]\!] \times [\![B]\!]$, $\mathbb{M}$ contains, for each $A \in \mathrm{TY}$, arrows

$$ \mathrm{drf}_A : \mathbb{A}_A \to T[\![A]\!] \qquad\text{and}\qquad \mathrm{upd}_A : \mathbb{A}_A \times [\![A]\!] \to T1 $$

such that the following diagrams commute (NR); written as equations:

$$ \langle \mathrm{id}, \mathrm{upd}_A \rangle ; \tau ; T(\pi_1 ; \mathrm{drf}_A) ; \mu \;=\; \langle \mathrm{id}, \mathrm{upd}_A \rangle ; \tau ; T\pi_2 \;:\; \mathbb{A}_A \times [\![A]\!] \to T[\![A]\!] \,, $$
$$ \langle \mathrm{id} \times \pi_1 ; \mathrm{upd}_A ,\ \mathrm{id} \times \pi_2 ; \mathrm{upd}_A \rangle ; \psi \;=\; \mathrm{id} \times \pi_2 ; \mathrm{upd}_A \;:\; \mathbb{A}_A \times [\![A]\!] \times [\![A]\!] \to T1 \,, $$
$$ \langle \tfrac{ab}{a} \times \pi_1 ; \mathrm{upd}_A ,\ \tfrac{ab}{b} \times \pi_2 ; \mathrm{upd}_B \rangle ; \psi \;=\; \langle \tfrac{ab}{a} \times \pi_1 ; \mathrm{upd}_A ,\ \tfrac{ab}{b} \times \pi_2 ; \mathrm{upd}_B \rangle ; \psi' \;:\; Q^{ab} 1 \times [\![A]\!] \times [\![B]\!] \to T1 \,, $$

and, moreover,

$$ (\mathrm{nu}^{\bar a a} \times \mathrm{upd}_B) ; \psi \;=\; (\mathrm{nu}^{\bar a a} \times \mathrm{upd}_B) ; \psi' \,, \qquad \text{(SNR)} $$

i.e., updates and fresh names are independent effects. ▲

The second subcondition of (N2) above essentially states that, for each object $A$, $\mathrm{nu}_A$ can be expressed as:

$$ Q^{\bar a} A \;\cong\; Q^{\bar a} 1 \times A \xrightarrow{\;\mathrm{nu}_1 \times \mathrm{id}\;} TQ^{\bar a a} 1 \times A \xrightarrow{\;\tau'\;} T(Q^{\bar a a} 1 \times A) \;\cong\; TQ^{\bar a a} A $$

It is evident that the role reserved for $\mathrm{nu}$ in our semantics is that of fresh name creation. Accordingly, $\mathrm{nu}$ gives rise to a categorical name-abstraction operation: for any arrow $f : Q^{\bar a a} A \to TB$ in $\mathbb{M}$, we define

$$ (a)f \;\triangleq\; Q^{\bar a} A \xrightarrow{\;\mathrm{nu}^{\bar a a}\;} TQ^{\bar a a} A \xrightarrow{\;Tf\;} T^2 B \xrightarrow{\;\mu\;} TB \,. \qquad (3.7) $$
The (NR) diagrams give the basic equations for dereferencings and updates (cf. [38, definition 1] and [1H, section 5.8]). The first diagram stipulates that by dereferencing an updated reference we get the value of the update. The second diagram ensures that the value of a reference is that of the last update: doing two consecutive updates to the same reference is the same as doing only the last one. The last diagram states that updates of distinct references are independent effects.

Let us now proceed with the semantics of $\nu\rho$ in $\nu\rho$-models.

Definition 3.13. Let $(\mathbb{M},T,Q)$ be a $\nu\rho$-model. Recall the type-translation:

$$ [\![1]\!] \triangleq 1 \,,\quad [\![\mathbb{N}]\!] \triangleq \mathbb{N} \,,\quad [\![[A]]\!] \triangleq \mathbb{A}_A \,,\quad [\![A \to B]\!] \triangleq T[\![B]\!]^{[\![A]\!]} \,,\quad [\![A \times B]\!] \triangleq [\![A]\!] \times [\![B]\!] \,. $$

A typing judgement $\bar a \mid \Gamma \vdash M : A$ is translated to an arrow $[\![M]\!]_{\bar a,\Gamma} : Q^{\bar a}[\![\Gamma]\!] \to T[\![A]\!]$ in $\mathbb{M}$, which we write simply as $[\![M]\!] : Q^{\bar a}\Gamma \to TA$, as in figure 3. ▲

We note that the translation of values follows a common pattern: for any $\bar a \mid \Gamma \vdash V : B$, we have $[\![V]\!] = |V| ; \eta$, where

$$ |x| \triangleq Q^{\bar a}\pi_x ; \varepsilon \,,\qquad |n| \triangleq Q^{\bar a}! ; \varepsilon ; \bar n \,,\qquad |\lambda x.M| \triangleq \Lambda^T(\bar\zeta' ; [\![M]\!]) \,, $$
$$ |a| \triangleq Q^{\bar a}! ; \tfrac{\bar a}{a} \,,\qquad |\mathrm{skip}| \triangleq Q^{\bar a}! ; \varepsilon \,. $$

We can show the following lemmas, which will be used in the proof of Correctness.

Lemma 3.14. For any $\bar a \mid \Gamma \vdash M : A$ and $S(\bar a) \subseteq S(\bar a')$, $[\![M]\!]_{\bar a',\Gamma} = \frac{\bar a'}{\bar a} ; [\![M]\!]_{\bar a,\Gamma}$. Moreover, if $\Gamma = x_1 : B_1, \ldots, x_n : B_n$, and $\bar a \mid \Gamma \vdash M : A$ and $\bar a \mid \Gamma \vdash V_i : B_i$ are derivable,

$$ [\![M\{\vec V/\vec x\}]\!] \;=\; Q^{\bar a}\Gamma \xrightarrow{\;\langle \mathrm{id}, \langle |V_1|, \ldots, |V_n| \rangle \rangle\;} Q^{\bar a}\Gamma \times \Gamma \xrightarrow{\;\bar\zeta' ; Q^{\bar a}\pi_2\;} Q^{\bar a}\Gamma \xrightarrow{\;[\![M]\!]\;} TA \,. \qquad \square $$

Lemma 3.15. For any relevant $f,g$,

$$ (a)\big( Q^{\bar a a} A \xrightarrow{\;\langle f,g \rangle\;} TB \times TC \xrightarrow{\;\psi\;} T(B \times C) \big) \;=\; Q^{\bar a} A \xrightarrow{\;\langle (a)f, (a)g \rangle\;} TB \times TC \xrightarrow{\;\psi\;} T(B \times C) \,, $$
$$ (a)\big( Q^{\bar a a} A \xrightarrow{\;f\;} T^2 C \xrightarrow{\;\mu\;} TC \big) \;=\; Q^{\bar a} A \xrightarrow{\;(a)f\;} T^2 C \xrightarrow{\;\mu\;} TC \,. \qquad \square $$

Lemma 3.16. Let $\bar a \mid \Gamma \vdash M : A$ and $\bar a \mid \Gamma \vdash E[M] : B$ be derivable, with $E[\_]$ being an evaluation context. Then $[\![E[M]]\!]$ is equal to:

$$ Q^{\bar a}\Gamma \xrightarrow{\;\langle \mathrm{id}, [\![M]\!] \rangle\;} Q^{\bar a}\Gamma \times TA \xrightarrow{\;\tau\;} T(Q^{\bar a}\Gamma \times A) \xrightarrow{\;T\bar\zeta'\;} TQ^{\bar a}(\Gamma \times A) \xrightarrow{\;T[\![E[x]]\!]\;} T^2 B \xrightarrow{\;\mu\;} TB \,. \qquad \square $$

We write $S \models M \to_r S' \models M'$ with $r \in \{\mathrm{NEW}, \mathrm{SUC}, \mathrm{EQ}, \ldots, \mathrm{LAM}'\}$ if the last non-CTX rule in the related derivation is $r$. Also, to any store $S$, we relate the term $\bar S$ of type $1$ as:

$$ \bar\epsilon = \mathrm{skip} \,,\qquad \overline{a, S} = \bar S \,,\qquad \overline{a :: V, S} = (a := V ; \bar S) \qquad (3.9) $$

Proposition 3.17 (Correctness). For any typed term $\bar a \mid \Gamma \vdash M : A$, and $S$ with $\mathrm{dom}(S) = \bar a$, and $r$ as above,

1. if $r \notin \{\mathrm{NEW}, \mathrm{UPD}, \mathrm{DRF}\}$ then $S \models M \to_r S \models M' \implies [\![M]\!] = [\![M']\!]$,

2. if $r \in \{\mathrm{UPD}, \mathrm{DRF}\}$ then $S \models M \to_r S' \models M' \implies [\![\bar S ; M]\!] = [\![\bar S' ; M']\!]$,

3. $S \models M \to_{\mathrm{NEW}} S,a \models M' \implies [\![\bar S ; M]\!] = (a)[\![\bar S ; M']\!]$.

Therefore, $S \models M \to^* S' \models M' \implies [\![\bar S ; M]\!] = (\bar a')[\![\bar S' ; M']\!]$, with $\mathrm{dom}(S') = \bar a \bar a'$.
$$ [\![x]\!] \;=\; Q^{\bar a}\Gamma \xrightarrow{\;Q^{\bar a}\pi_x\;} Q^{\bar a} A \xrightarrow{\;\varepsilon\;} A \xrightarrow{\;\eta\;} TA $$
$$ [\![a]\!] \;=\; Q^{\bar a}\Gamma \xrightarrow{\;Q^{\bar a}!\;} Q^{\bar a} 1 \xrightarrow{\;\frac{\bar a}{a}\;} \mathbb{A}_a \xrightarrow{\;\eta\;} T\mathbb{A}_a $$
$$ [\![\mathrm{skip}]\!] \;\triangleq\; Q^{\bar a}\Gamma \xrightarrow{\;Q^{\bar a}!\;} Q^{\bar a} 1 \xrightarrow{\;\varepsilon\;} 1 \xrightarrow{\;\eta\;} T1 $$
$$ \frac{[\![M]\!] : Q^{\bar a a}\Gamma \to TA}{[\![\nu a.M]\!] : Q^{\bar a}\Gamma \xrightarrow{\;(a)[\![M]\!]\;} TA} $$
$$ \frac{[\![M]\!] : Q^{\bar a}(\Gamma \times A) \to TB}{[\![\lambda x.M]\!] : Q^{\bar a}\Gamma \xrightarrow{\;\Lambda^T(\bar\zeta' ; [\![M]\!])\;} TB^A \xrightarrow{\;\eta\;} T(TB^A)} $$
$$ \frac{[\![M]\!] : Q^{\bar a}\Gamma \to T(TB^A) \qquad [\![N]\!] : Q^{\bar a}\Gamma \to TA}{[\![MN]\!] : Q^{\bar a}\Gamma \xrightarrow{\;\langle [\![M]\!], [\![N]\!] \rangle\;} T(TB^A) \times TA \xrightarrow{\;\psi\;} T(TB^A \times A) \xrightarrow{\;T\mathrm{ev}^T ; \mu\;} TB} $$
$$ \frac{[\![M]\!] : Q^{\bar a}\Gamma \to T(A \times B)}{[\![\mathrm{fst}\,M]\!] : Q^{\bar a}\Gamma \xrightarrow{\;[\![M]\!]\;} T(A \times B) \xrightarrow{\;T\pi_1\;} TA} $$
$$ \frac{[\![M]\!] : Q^{\bar a}\Gamma \to TA \qquad [\![N]\!] : Q^{\bar a}\Gamma \to TB}{[\![\langle M,N \rangle]\!] : Q^{\bar a}\Gamma \xrightarrow{\;\langle [\![M]\!], [\![N]\!] \rangle\;} TA \times TB \xrightarrow{\;\psi\;} T(A \times B)} $$
$$ \frac{[\![M]\!] : Q^{\bar a}\Gamma \to T\mathbb{N}}{[\![\mathrm{succ}\,M]\!] : Q^{\bar a}\Gamma \xrightarrow{\;[\![M]\!]\;} T\mathbb{N} \xrightarrow{\;T\mathrm{succ}\;} T\mathbb{N}} $$
$$ \frac{[\![M]\!] : Q^{\bar a}\Gamma \to T\mathbb{A}_A \qquad [\![N]\!] : Q^{\bar a}\Gamma \to T\mathbb{A}_A}{[\![[M = N]]\!] : Q^{\bar a}\Gamma \xrightarrow{\;\langle [\![M]\!], [\![N]\!] \rangle\;} T\mathbb{A}_A \times T\mathbb{A}_A \xrightarrow{\;\psi\;} T(\mathbb{A}_A \times \mathbb{A}_A) \xrightarrow{\;T\mathrm{eq}\;} T\mathbb{N}} $$
$$ \frac{[\![M]\!] : Q^{\bar a}\Gamma \to T\mathbb{A}_A \qquad [\![N]\!] : Q^{\bar a}\Gamma \to TA}{[\![M := N]\!] : Q^{\bar a}\Gamma \xrightarrow{\;\langle [\![M]\!], [\![N]\!] \rangle\;} T\mathbb{A}_A \times TA \xrightarrow{\;\psi\;} T(\mathbb{A}_A \times A) \xrightarrow{\;T\mathrm{upd}_A ; \mu\;} T1} $$
$$ \frac{[\![M]\!] : Q^{\bar a}\Gamma \to T\mathbb{A}_A}{[\![!M]\!] : Q^{\bar a}\Gamma \xrightarrow{\;[\![M]\!]\;} T\mathbb{A}_A \xrightarrow{\;T\mathrm{drf}_A ; \mu\;} TA} $$
$$ \frac{[\![M]\!] : Q^{\bar a}\Gamma \to T\mathbb{N} \qquad [\![N_1]\!], [\![N_2]\!] : Q^{\bar a}\Gamma \to TA}{[\![\mathrm{if0}\;M\;\mathrm{then}\;N_1\;\mathrm{else}\;N_2]\!] : Q^{\bar a}\Gamma \xrightarrow{\;\langle [\![M]\!], [\![N_1]\!], [\![N_2]\!] \rangle\;} T\mathbb{N} \times TA^2 \xrightarrow{\;\tau'\;} T(\mathbb{N} \times TA^2) \xrightarrow{\;T\mathrm{cnd}_A ; \mu\;} TA} $$

Figure 3: The semantic translation.
Proof: The last assertion follows easily from 1-3. For 1-3 we do induction on the size of the reduction's derivation. The base case follows from the specifications of definition 3.12 and lemma 3.14. For the inductive step we have that, for any $S,M,E$, the following diagram commutes.

[commutative diagram not recoverable from the extraction; its upper path is the composite described in the next sentence and its lower path is $\langle \Lambda^T(\bar\zeta' ; [\![E[x]]\!]) ; \eta ,\ [\![\bar S ; M]\!] \rangle ; \psi' ; T\mathrm{ev}^T ; \mu$]

By the previous lemma, the upper path is equal to $\langle \mathrm{id}, [\![\bar S]\!] \rangle ; \tau ; T\bar\zeta' ; T[\![E[M]]\!] ; \mu$ and therefore to $[\![\bar S ; E[M]]\!]$. Hence, we can immediately show the inductive steps of 1-2. For 3, assuming $S \models E[M] \to_{\mathrm{NEW}} S,a \models E[M']$ and $[\![\bar S ; M]\!] = (a)[\![\bar S ; M']\!]$, we have, using also lemmas 3.14 and 3.15,

\begin{align*}
(a)[\![\bar S ; E[M']]\!] &= (a)\big( \langle \Lambda^T(\bar\zeta' ; [\![E[x]]\!]) ; \eta ,\ [\![\bar S ; M']\!] \rangle ; \psi' ; T\mathrm{ev}^T ; \mu \big) \\
&= (a)\big( \langle \Lambda^T(\bar\zeta' ; [\![E[x]]\!]) ; \eta ,\ [\![\bar S ; M']\!] \rangle ; \psi' \big) ; T\mathrm{ev}^T ; \mu \\
&= \langle \Lambda^T(\bar\zeta' ; [\![E[x]]\!]) ; \eta ,\ (a)[\![\bar S ; M']\!] \rangle ; \psi' ; T\mathrm{ev}^T ; \mu \\
&= \langle \Lambda^T(\bar\zeta' ; [\![E[x]]\!]) ; \eta ,\ [\![\bar S ; M]\!] \rangle ; \psi' ; T\mathrm{ev}^T ; \mu \;=\; [\![\bar S ; E[M]]\!] \,. \qquad \square
\end{align*}



In order for the model to be sound, we need computational adequacy. This is added explicitly as a specification.

Definition 3.18. Let $\mathcal{M}$ be a $\nu\rho$-model and $[\![\_]\!]$ the respective translation of $\nu\rho$. $\mathcal{M}$ is adequate if

$$ \exists S,\bar b.\ [\![M]\!] = (\bar b)[\![\bar S ; 0]\!] \;\implies\; \exists S'.\ \bar a \models M \to^* S' \models 0 \,, $$

for any typed term $\bar a \mid \vdash M : \mathbb{N}$. ▲

Proposition 3.19 (Equational Soundness). If $\mathcal{M}$ is an adequate $\nu\rho$-model,

$$ [\![M]\!] = [\![N]\!] \;\implies\; M \lesssim N \,. \qquad \square $$



3.2.3. Completeness. We equip the semantics with a preorder to match the observational preorder of the syntax as in (FA). The chosen preorder is the intrinsic preorder with regard to a collection of observable arrows in the biKleisli monadic-comonadic setting (cf. definition 3.10). In particular, since we have a collection of monad-comonad pairs, we also need a collection of sets of observable arrows.

Definition 3.20. An adequate $\nu\rho$-model $\mathcal{M} = (\mathbb{M},T,Q)$ is observational if, for all $\bar a$:

• There exists $\mathcal{O}^{\bar a} \subseteq \mathbb{M}(Q^{\bar a}1, T\mathbb{N})$ such that, for all $\bar a \mid \vdash M : \mathbb{N}$,

$$ [\![M]\!] \in \mathcal{O}^{\bar a} \;\iff\; \exists S,\bar b.\ [\![M]\!] = (\bar b)[\![\bar S ; 0]\!] \,. $$

• The induced intrinsic preorder on arrows in $\mathbb{M}(Q^{\bar a}A, TB)$ defined by

$$ f \lesssim^{\bar a} g \;\iff\; \forall p : Q^{\bar a}(TB^A) \to T\mathbb{N}.\ \big( \Lambda^{\bar a}(f) ; p \in \mathcal{O}^{\bar a} \implies \Lambda^{\bar a}(g) ; p \in \mathcal{O}^{\bar a} \big) $$

with $\Lambda^{\bar a}(f) = \Lambda^{Q^{\bar a},T}(f)$, satisfies, for all relevant $a, \bar a', f, f'$,

$$ f \lesssim^{\bar a a} f' \;\implies\; (a)f \lesssim^{\bar a} (a)f' \,, \qquad f \lesssim^{\bar a} f' \;\implies\; \tfrac{\bar a'}{\bar a} ; f \;\lesssim^{\bar a'}\; \tfrac{\bar a'}{\bar a} ; f' \,. $$

We write $\mathcal{M}$ as $(\mathbb{M},T,Q,\mathcal{O})$. ▲

Recurring to $\Lambda^{Q,T}$ of definition 3.10 we have that $\Lambda^{\bar a}(f)$ is the arrow:

$$ Q^{\bar a}1 \xrightarrow{\;\delta\;} Q^{\bar a}Q^{\bar a}1 \xrightarrow{\;Q^{\bar a}\Lambda^T(\bar\zeta' ; f)\;} Q^{\bar a}(TB^A) \,. \qquad (3.10) $$

Hence, $\mathcal{O}^{\bar a}$ contains those arrows that have a specific observable behaviour in the model, and the semantic preorder is built over this notion. In particular, terms that yield a number have observable behaviour.

In order to make good use of the semantic preorder we need it to be a congruence with regard to the semantic translation. Congruences for $\nu\rho$, along with typed contexts, are defined properly in [48]. For now, we state the following.



Lemma 3.21. Let $(\mathbb{M},T,Q,\mathcal{O})$ be an observational $\nu\rho$-model. Then, for any pair $\bar a \mid \Gamma \vdash M, N : A$ of typed terms and any context $C$ such that $\bar a' \mid \Gamma' \vdash C[M], C[N] : B$ are valid,

$$ [\![M]\!] \lesssim^{\bar a} [\![N]\!] \;\implies\; [\![C[M]]\!] \lesssim^{\bar a'} [\![C[N]]\!] \,. \qquad \square $$

Assuming that we translate $\nu\rho$ into an observational $\nu\rho$-model, we can now show one direction of (FA).

Proposition 3.22 (Inequational Soundness). For typed terms $\bar a \mid \Gamma \vdash M, N : A$,

$$ [\![M]\!] \lesssim [\![N]\!] \;\implies\; M \lesssim N \,. $$

Proof: Assume $[\![M]\!] \lesssim^{\bar a} [\![N]\!]$ and $\models C[M] \to^* S' \models 0$, so $[\![C[M]]\!] = (\bar a')[\![\bar S' ; 0]\!]$ with $\bar a' = \mathrm{dom}(S')$. $[\![M]\!] \lesssim^{\bar a} [\![N]\!]$ implies $[\![C[M]]\!] \lesssim^{\epsilon} [\![C[N]]\!]$, and hence $[\![C[N]]\!] \in \mathcal{O}^{\epsilon}$. Thus, by adequacy, there exists $S''$ such that $\models C[N] \to^* S'' \models 0$. $\square$

In order to achieve completeness, and hence full abstraction, we need our semantic translation to satisfy some definability requirement with regard to the intrinsic preorder.

Definition 3.23. Let $(\mathbb{M},T,Q,\mathcal{O})$ be an observational $\nu\rho$-model and let $[\![\_]\!]$ be the semantic translation of $\nu\rho$ to $\mathcal{M}$. $\mathcal{M}$ satisfies $\nu\rho$-definability if, for any $\bar a, A, B$, there exists $\mathcal{D}^{\bar a}_{A,B} \subseteq \mathbb{M}(Q^{\bar a}[\![A]\!], T[\![B]\!])$ such that:

• For each $f \in \mathcal{D}^{\bar a}_{A,B}$ there exists a term $M$ such that $[\![M]\!] = f$.

• For each $f,g \in \mathbb{M}(Q^{\bar a}A, TB)$,

$$ f \lesssim^{\bar a} g \;\iff\; \forall p \in \mathcal{D}^{\bar a}_{A \to B,\,\mathbb{N}}.\ \big( \Lambda^{\bar a}(f) ; p \in \mathcal{O}^{\bar a} \implies \Lambda^{\bar a}(g) ; p \in \mathcal{O}^{\bar a} \big) \,. $$

We write $\mathcal{M}$ as $(\mathbb{M},T,Q,\mathcal{O},\mathcal{D})$. ▲

For such a model $\mathcal{M}$ we achieve full abstraction.

Theorem 3.24 (FA). For typed terms $\bar a \mid \Gamma \vdash M, N : A$,

$$ [\![M]\!] \lesssim [\![N]\!] \;\iff\; M \lesssim N \,. $$

Proof: Soundness is by the previous proposition. For completeness ("$\Longleftarrow$"), we do induction on the size of $\Gamma$.

For the base case suppose $\bar a \mid \vdash M \lesssim N$ and take any $p \in \mathcal{D}^{\bar a}_{1 \to A,\,\mathbb{N}}$ such that $\Lambda^{\bar a}([\![M]\!]) ; p \in \mathcal{O}^{\bar a}$. Let $p = [\![\bar a \mid y : 1 \to A \vdash L : \mathbb{N}]\!]$, some term $L$, so $\Lambda^{\bar a}([\![M]\!]) ; p$ is

$$ \Lambda^{\bar a}([\![M]\!]) ; [\![L]\!] \;=\; \delta ; Q^{\bar a}|\lambda z.M| ; [\![L]\!] \;=\; [\![(\lambda y.L)(\lambda z.M)]\!] $$

for some $z : 1$. The latter being in $\mathcal{O}^{\bar a}$ implies that it equals $(\bar b)[\![\bar S ; 0]\!]$, some $S$. Now, $M \lesssim N$ implies $(\lambda y.L)(\lambda z.M) \lesssim (\lambda y.L)(\lambda z.N)$, hence $\nu\bar b.(\bar S ; 0) \lesssim (\lambda y.L)(\lambda z.N)$, by soundness. But this implies that $\bar a \models (\lambda y.L)(\lambda z.N) \to^* S' \models 0$, so $[\![(\lambda y.L)(\lambda z.N)]\!] \in \mathcal{O}^{\bar a}$, by correctness. Hence, $\Lambda^{\bar a}([\![N]\!]) ; p \in \mathcal{O}^{\bar a}$, so $[\![M]\!] \lesssim^{\bar a} [\![N]\!]$, by $\nu\rho$-definability.

For the inductive step, if $\Gamma = x : B, \Gamma'$ then

$$ \bar a \mid \Gamma \vdash M \lesssim N \;\implies\; \bar a \mid \Gamma' \vdash \lambda x.M \lesssim \lambda x.N \;\implies\; [\![\lambda x.M]\!] \lesssim^{\bar a} [\![\lambda x.N]\!] \;\implies\; [\![M]\!] = [\![(\lambda x.M)x]\!] \lesssim^{\bar a} [\![(\lambda x.N)x]\!] = [\![N]\!] $$

where the last approximation follows from lemma 3.21. $\square$



4. Nominal games

In this section we introduce nominal games and strategies, and construct the basic structure from which a fully abstract model of $\nu\rho$ will be obtained in the next section. We first introduce nominal arenas and strategies, which form the category $\mathcal{G}$. We afterwards refine $\mathcal{G}$ by restricting to innocent, total strategies, obtaining thus the category $\mathcal{V}_t$.

$\mathcal{V}_t$ is essentially a semantical basis for call-by-value nominal computation in general. In fact, from it we can obtain not only fully abstract models of $\nu\rho$, but also of the $\nu$-calculus [2], the $\nu\epsilon\rho$-calculus [47] ($\nu\rho$+exceptions), etc.

4.1. The basic category $\mathcal{G}$. The basis for all constructions to follow is the category $\mathbf{Nom}$ of nominal sets. We proceed to arenas.

Definition 4.1. A nominal arena $A = (M_A, I_A, \vdash_A, \lambda_A)$ is given by:

• a strong nominal set $M_A$ of moves,

• a nominal subset $I_A \subseteq M_A$ of initial moves,

• a nominal justification relation $\vdash_A \subseteq M_A \times (M_A \setminus I_A)$,

• a nominal labelling function $\lambda_A : M_A \to \{O,P\} \times \{A,Q\}$, which labels moves as Opponent or Player moves, and as Answers or Questions.

An arena $A$ is subject to the following conditions.

(f) For each $m \in M_A$, there exists unique $k \geq 0$ such that $I_A \ni m_1 \vdash_A \cdots \vdash_A m_k \vdash_A m$, for some $m_i$'s in $M_A$. $k$ is called the level of $m$, so initial moves have level $0$.

(l1) Initial moves are P-Answers.

(l2) If $m_1, m_2 \in M_A$ are at consecutive levels then they have complementary OP-labels.

(l3) Answers may only justify Questions. ▲

We let level-1 moves form the set $J_A$; since $\vdash_A$ is a nominal relation, $J_A$ is a nominal subset of $M_A$. Moves in $M_A$ are denoted by $m_A$ and variants, initial moves by $i_A$ and variants, and level-1 moves by $j_A$ and variants. By $\bar I_A$ we denote $M_A \setminus I_A$, and by $\bar J_A$ the set $M_A \setminus J_A$.
Note that, although the nominal arenas of [2] are defined by use of a set of weaker conditions than those above, the actual arenas used there fall within the above definition. We move on to prearenas, which are the 'boards' on which nominal games are played.

Definition 4.2. A prearena is defined exactly as an arena, with the only exception of condition (l1): in a prearena initial moves are O-Questions.
Given arenas $A$ and $B$, construct the prearena $A \to B$ as:

$$ M_{A \to B} = M_A + M_B $$
$$ I_{A \to B} = I_A $$
$$ \lambda_{A \to B} = [\, (i_A \mapsto OQ \,,\; m_A \mapsto \bar\lambda_A(m_A)) \,,\; \lambda_B \,] $$
$$ \vdash_{A \to B} = \{ (i_A, i_B) \} \cup \{ (m,n) \mid m \vdash_{A,B} n \} $$

where $\bar\lambda_A$ is the OP-complement of $\lambda_A$. ▲

It is useful to think of the (pre)arena $A$ as a vertex-labelled directed graph with vertex-set $M_A$ and edge-set $\vdash_A$ such that the labels on vertices are given by $\lambda_A$ (and satisfying (l1-3)). It follows from (f) that the graph so defined is levelled: its vertices can be partitioned into disjoint sets $L0, L1, L2, \ldots$ such that the edges may only travel from level $i$ to level $i+1$ and only level-0 vertices have no incoming edges (and therefore (pre)arenas are directed acyclic). Accordingly, we will be depicting arenas by levelled graphs or triangles.

The simplest arena is $0 = (\emptyset, \emptyset, \emptyset, \emptyset)$. Other (flat) arenas are $1$ (unit arena), $\mathbb{N}$ (arena of naturals) and $\mathbb{A}_{\bar a}$ (arena of $\bar a$-names), for any $\bar a \in \mathbb{A}^\#$, which we define as

$$ M_1 = I_1 \triangleq \{\ast\} \,,\qquad M_{\mathbb{N}} = I_{\mathbb{N}} \triangleq \mathbb{N} \,,\qquad M_{\mathbb{A}_{\bar a}} = I_{\mathbb{A}_{\bar a}} \triangleq \mathbb{A}_{\bar a} \,, \qquad (4.1) $$

where $\mathbb{A}_{\bar a} = \{ \pi \circ \bar a \mid \pi \in \mathrm{PERM}(\mathbb{A}) \}$. Note that for $\bar a$ empty we get $\mathbb{A}_{\epsilon} = 1$, and that we write $\mathbb{A}_i$ for $\mathbb{A}_a$ with $a$ being of type $i$.

More involved are the following constructions. For arenas $A,B$, define the arenas $A \otimes B$, $A_\bot$, $A \multimap B$ and $A \Rightarrow B$ as follows.

$$ M_{A \otimes B} = I_A \times I_B + \bar I_A + \bar I_B $$
$$ I_{A \otimes B} = I_A \times I_B $$
$$ \lambda_{A \otimes B} = [\, ((i_A,i_B) \mapsto PA) \,,\; \lambda_A \restriction \bar I_A \,,\; \lambda_B \restriction \bar I_B \,] $$
$$ \vdash_{A \otimes B} = \{ ((i_A,i_B), m) \mid i_A \vdash_A m \lor i_B \vdash_B m \} \cup (\vdash_A \restriction \bar I_A^{\,2}) \cup (\vdash_B \restriction \bar I_B^{\,2}) $$

$$ M_{A \multimap B} = I_B + I_A \times J_B + \bar I_A + (\bar I_B \cap \bar J_B) $$
$$ I_{A \multimap B} \triangleq I_B $$
$$ \lambda_{A \multimap B} = [\, (i_B \mapsto PA) \,,\; ((i_A,j_B) \mapsto OQ) \,,\; \lambda_A \restriction \bar I_A \,,\; \lambda_B \restriction (\bar I_B \cap \bar J_B) \,] $$
$$ \vdash_{A \multimap B} \triangleq \{ (i_B, (i_A,j_B)) \mid i_B \vdash_B j_B \} \cup \{ ((i_A,j_B), m) \mid i_A \vdash_A m \} \cup \{ ((i_A,j_B), m) \mid j_B \vdash_B m \} \cup (\vdash_A \restriction \bar I_A^{\,2}) \cup (\vdash_B \restriction (\bar I_B \cap \bar J_B)^2) $$

$$ M_{A_\bot} = \{\ast_1\} + \{\ast_2\} + M_A $$
$$ I_{A_\bot} = \{\ast_1\} $$
$$ \lambda_{A_\bot} = [\, (\ast_1 \mapsto PA) \,,\; (\ast_2 \mapsto OQ) \,,\; \lambda_A \,] $$
$$ \vdash_{A_\bot} = \{ (\ast_1, \ast_2), (\ast_2, i_A) \} \cup (\vdash_A \restriction M_A^{\,2}) $$

[the clauses defining $A \Rightarrow B$ are not recoverable from the extraction; an equivalent explicit description is given in (4.2)]

In the constructions above it is assumed that all moves which are not hereditarily justified by initial moves are discarded. Hence, for example, for any $A,B$,

$$ J_B = \emptyset \;\implies\; A \multimap B = B \,. $$

Moreover, we usually identify arenas with graph-isomorphic structures; for example,

$$ 1 \multimap A = A \,,\qquad 0 \Rightarrow A = A_\bot \,. $$

Using the latter convention, the construction of $A \Rightarrow B$ in the previous definition is equivalent to $A \Rightarrow B$ of [15, 2]; concretely, it is given by:

$$ M_{A \Rightarrow B} = \{\ast\} + I_A + \bar I_A + M_B \qquad (4.2) $$
$$ I_{A \Rightarrow B} = \{\ast\} $$
$$ \lambda_{A \Rightarrow B} = [\, (\ast \mapsto PA) \,,\; (i_A \mapsto OQ) \,,\; \lambda_A \,,\; \lambda_B \,] $$
$$ \vdash_{A \Rightarrow B} = \{ (\ast, i_A) \} \cup \{ (i_A, m) \mid i_A \vdash_A m \lor m \in I_B \} \cup (\vdash_A \restriction \bar I_A^{\,2}) \cup (\vdash_B \restriction M_B^{\,2}) $$

Of the previous constructors all look familiar apart from $\multimap$ (which in [16] appears as $\Rightarrow$). The latter can be seen as a function-space constructor merging the contravariant part of its RHS with its LHS. For example, for any $A,B,C$, we have

$$ A \multimap \mathbb{N} = \mathbb{N} \qquad\text{and}\qquad A \multimap (B \Rightarrow C) = (A \otimes B) \Rightarrow C \,. $$

In the first equality we see that $\mathbb{N}$, which appears on the RHS of $\multimap$, has no contravariant part, and hence $A$ is redundant. In the second equality $B$, which is the contravariant part of $B \Rightarrow C$, is merged with $A$. This construction will be of great use when considering a monadic semantics for store.
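As an added worked check (not part of the original text), the second equality can be verified componentwise from the clauses for $\multimap$ and $\otimes$ above and the explicit description (4.2) of $\Rightarrow$. The only observation needed is that the level-1 moves of $B \Rightarrow C$ are exactly the initial moves of $B$.

```latex
% Level-1 moves and their complement in B => C, read off (4.2):
\text{In } B \Rightarrow C:\quad
 I_{B \Rightarrow C} = \{\ast\},\qquad
 J_{B \Rightarrow C} = I_B \ \ (\text{the moves justified by } \ast),\qquad
 \bar I_{B \Rightarrow C} \cap \bar J_{B \Rightarrow C} = \bar I_B + M_C .
\\[1ex]
% Move sets coincide:
M_{A \multimap (B \Rightarrow C)}
 = I_{B \Rightarrow C} + I_A \times J_{B \Rightarrow C} + \bar I_A + (\bar I_{B \Rightarrow C} \cap \bar J_{B \Rightarrow C})
 = \{\ast\} + I_A \times I_B + \bar I_A + \bar I_B + M_C ,
\\
M_{(A \otimes B) \Rightarrow C}
 = \{\ast\} + I_{A \otimes B} + \bar I_{A \otimes B} + M_C
 = \{\ast\} + I_A \times I_B + (\bar I_A + \bar I_B) + M_C .
\\[1ex]
% Labels coincide: * is PA, (i_A, i_B) is OQ, everything else inherits lambda_A, lambda_B, lambda_C.
\lambda:\quad \ast \mapsto PA,\qquad (i_A,i_B) \mapsto OQ,\qquad
 \lambda_A \restriction \bar I_A,\quad \lambda_B \restriction \bar I_B,\quad \lambda_C \quad\text{in both arenas.}
\\[1ex]
% Justification in A -o (B => C):
\vdash_{A \multimap (B \Rightarrow C)}:\quad
 \ast \vdash (i_A,i_B) \ \ (\text{since } \ast \vdash_{B \Rightarrow C} i_B),\qquad
 (i_A,i_B) \vdash m \iff i_A \vdash_A m \ \lor\ i_B \vdash_B m \ \lor\ m \in I_C ,
\\ \qquad\qquad
 \text{plus } \vdash_A \restriction \bar I_A^{\,2}
 \text{ and } \vdash_{B \Rightarrow C} \restriction (\bar I_B + M_C)^2
 = (\vdash_B \restriction \bar I_B^{\,2}) \cup (\vdash_C \restriction M_C^{\,2}) .
\\[1ex]
% Justification in (A (x) B) => C, by (4.2) with A := A (x) B, B := C:
\vdash_{(A \otimes B) \Rightarrow C}:\quad
 \ast \vdash (i_A,i_B),\qquad
 (i_A,i_B) \vdash m \iff (i_A,i_B) \vdash_{A \otimes B} m \ \lor\ m \in I_C
 \iff i_A \vdash_A m \ \lor\ i_B \vdash_B m \ \lor\ m \in I_C ,
\\ \qquad\qquad
 \text{plus } \vdash_{A \otimes B} \restriction \bar I_{A \otimes B}^{\,2}
 = (\vdash_A \restriction \bar I_A^{\,2}) \cup (\vdash_B \restriction \bar I_B^{\,2})
 \text{ and } \vdash_C \restriction M_C^{\,2} .
```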

We move on to describe how nominal games are played. Plays of a game consist of sequences of moves from some prearena. These moves are attached with name-lists to the effect of capturing name-environments.

Definition 4.3. A move-with-names of a (pre)arena $A$ is a pair, written $m^{\bar a}$, where $m$ is a move of $A$ and $\bar a$ is a finite list of distinct names (name-list). ▲

If $x$ is a move-with-names then its name-list is denoted by $\mathrm{nlist}(x)$ and its underlying move by $\underline{x}$; therefore,

$$ x = \underline{x}^{\mathrm{nlist}(x)} $$

We introduce some notation for sequences (and lists).

Notation 4.4 (Sequences). A sequence $s$ will be usually denoted by $xy\ldots$, where $x,y,\ldots$ are the elements of $s$. For sequences $s,t$,

• $s \leq t$ denotes that $s$ is a prefix of $t$, and then $t = s(t \setminus s)$,

• $s \preceq t$ denotes that $s$ is a (not necessarily initial or contiguous) subsequence of $t$,

• $s^-$ denotes $s$ with its last element removed,

• if $s = s_1 \ldots s_n$ then $s_1$ is the first element of $s$ and $s_n$ the last. Also,

  ◦ $n$ is the length of $s$, and is denoted by $|s|$,

  ◦ $s.i$ denotes $s_i$ and $s.{-i}$ denotes $s_{n+1-i}$, that is, the $i$-th element from the end of $s$ (for example, $s.{-1}$ is $s_n$),

  ◦ $s_{\leq s_i}$ denotes $s_1 \ldots s_i$, and so does $s_{< s_{i+1}}$,

  ◦ if $s$ is a sequence of moves-with-names then, by extending our previous notation, we have $s = \underline{s}^{\mathrm{nlist}(s)}$, where $\mathrm{nlist}(s)$ is a list of length $|s|$ of lists of names. ▲

A justified sequence over a prearena $A$ is a finite sequence $s$ of OP-alternating moves such that, except for $s.1$ which is initial, every move $s.i$ has a justification pointer to some $s.j$ such that $j < i$ and $s.j \vdash_A s.i$; we say that $s.j$ (explicitly) justifies $s.i$. A move in $s$ is an open question if it is a question and there is no answer inside $s$ justified by it.

There are two standard technical conditions that one may want to apply to justified sequences: well-bracketing and visibility. We say that a justified sequence $s$ is well-bracketed if each answer $s.i$ appearing in $s$ is explicitly justified by the last open question in $s_{< s.i}$ (called the pending question). For visibility, we need to introduce the notions of Player- and Opponent-view. For a justified sequence $s$, its P-view $\ulcorner s \urcorner$ and its O-view $\llcorner s \lrcorner$ are defined as follows.

$$ \ulcorner sx \urcorner = \ulcorner s \urcorner x \quad\text{if $x$ a P-move} \qquad\qquad \llcorner sx \lrcorner = \llcorner s \lrcorner x \quad\text{if $x$ an O-move} $$
$$ \ulcorner sx \urcorner = x \quad\text{if $x$ is initial} \qquad\qquad \llcorner sxs'y \lrcorner = \llcorner s \lrcorner xy \quad\text{if $y$ a P-move expl. justified by $x$} $$
$$ \ulcorner sxs'y \urcorner = \ulcorner s \urcorner xy \quad\text{if $y$ an O-move expl. justified by $x$} $$

The visibility condition states that any O-move $x$ in $s$ is justified by a move in $\llcorner s_{<x} \lrcorner$, and any P-move $y$ in $s$ is justified by a move in $\ulcorner s_{<y} \urcorner$. We can now define plays.

Definition 4.5. Let $A$ be a prearena. A legal sequence on $A$ is a sequence of moves-with-names $s$ such that $\underline{s}$ is a justified sequence satisfying Visibility and Well-Bracketing. A legal sequence $s$ is a play if $s.1$ has empty name-list and $s$ also satisfies the following Name Change Conditions (cf. [34]):

(NC1) The name-list of a P-move $x$ in $s$ contains as a prefix the name-list of the move preceding it. It possibly contains some other names, all of which are fresh for $s_{<x}$.

(NC2) Any name in the support of a P-move $x$ in $s$ that is fresh for $s_{<x}$ is contained in the name-list of $x$.

(NC3) The name-list of a non-initial O-move in $s$ is that of the move justifying it.

The set of plays on a prearena $A$ is denoted by $P_A$. ▲

It is important to observe that plays have strong support, due to the tagging of moves with lists of names (instead of sets of names [2]). Note also that plays are the $\epsilon$-plays of [46]. Now, some further notation.

Notation 4.6 (Name-introduction). A name $a$ is introduced (by Player) in a play $s$, written $a \in \mathcal{L}(s)$, if there exist consecutive moves $yx$ in $s$ such that $x$ is a P-move and $a \in S(\mathrm{nlist}(x) \setminus \mathrm{nlist}(y))$. ▲

From plays we move on to strategies. Recall the notion of name-restriction we introduced in definition 2.4: for any nominal set $X$ and any $x \in X$, $[x] = \{ \pi \circ x \mid \pi \in \mathrm{PERM}(\mathbb{A}) \}$.

Definition 4.7. Let $A$ be a prearena. A strategy $\sigma$ on $A$ is a set of equivalence classes $[s]$ of plays in $A$, satisfying:

• Prefix closure: If $[su] \in \sigma$ then $[s] \in \sigma$.

• Contingency completeness: If even-length $[s] \in \sigma$ and $sx$ is a play then $[sx] \in \sigma$.

• Determinacy: If even-length $[s_1 x_1], [s_2 x_2] \in \sigma$ and $[s_1] = [s_2]$ then $[s_1 x_1] = [s_2 x_2]$.

We write $\sigma : A$ whenever $\sigma$ is a strategy on $A$. ▲

By convention, the empty sequence $\epsilon$ is a play and hence, by prefix closure and contingency completeness, all strategies contain $[\epsilon]$ and $[i_A]$'s. Some basic strategies are the following; note that we give definitions modulo prefix closure.

Definition 4.8. For any $\bar a', \bar a \in \mathbb{A}^\#$ with $S(\bar a') \subseteq S(\bar a)$, $n \in \mathbb{N}$ and any arena $B$, define the following strategies.

• $\bar n : 1 \to \mathbb{N} \;\triangleq\; \{ [\ast\, n] \}$

• $!_B : B \to 1 \;\triangleq\; \{ [i_B\, \ast] \}$

• $\frac{\bar a}{\bar a'} : \mathbb{A}_{\bar a} \to \mathbb{A}_{\bar a'} \;\triangleq\; \{ [\bar a\, \bar a'] \}$

• $\mathrm{id}_B : B \to B \;\triangleq\; \{ [s] \mid s \in P_{B^{(1)} \to B^{(2)}} \land \forall t \leq_{\mathrm{even}} s.\ t \restriction B^{(1)} = t \restriction B^{(2)} \}$ ▲

It is easy to see that the aforedefined are indeed strategies. That definitions are given modulo prefix closure means that e.g. $\bar n$ is in fact:

$$ \bar n = \{ [\epsilon], [\ast], [\ast\, n] \} \,. $$

We proceed to composition of plays and strategies. In ordinary games, plays are composed by doing "parallel composition plus hiding" (v. [3]); in nominal games we need also take some extra care for names.

Definition 4.9. Let $s \in P_{A \to B}$ and $t \in P_{B \to C}$. We say that:

• $s$ and $t$ are almost composable, $s \approx t$, if $s \restriction B = t \restriction B$.

• $s$ and $t$ are composable, $s \asymp t$, if $s \approx t$ and, for any $s' \leq s$, $t' \leq t$ with $s' \approx t'$:

(C1) If $s'$ ends in a (Player) move in $A$ introducing some name $a$ then $a \,\#\, t'$. Dually, if $t'$ ends in a move in $C$ introducing some name $a$ then $a \,\#\, s'$.

(C2) If both $s', t'$ end in $B$ and $s'$ ends in a move introducing some name $a$ then $a \,\#\, t'^{-}$. Dually, if $t'$ ends in a move introducing some name $a$ then $a \,\#\, s'^{-}$. ▲

The following lemma is taken verbatim from [15], adapted from [7].

Lemma 4.10 (Zipper lemma). If $s \in P_{A \to B}$ and $t \in P_{B \to C}$ with $s \approx t$ then either $s \restriction B = t = \epsilon$, or $s$ ends in $A$ and $t$ in $B$, or $s$ ends in $B$ and $t$ in $C$, or both $s$ and $t$ end in $B$. $\square$

Note that in the sequel we will use some standard switching condition results (see e.g. [15tl5]) without further mention. Composable plays are composed as below. Note that we may tag a move $m$ as $m_{(O)}$ (or $m_{(P)}$) to specify it is an O-move (a P-move).

Definition 4.11. Let $s \in P_{A \to B}$ and $t \in P_{B \to C}$ with $s \asymp t$. Their parallel interaction $s \parallel t$ and their mix $s \bullet t$, which returns the final name-list in $s \parallel t$, are defined by mutual recursion as follows. We set $\epsilon \parallel \epsilon = \epsilon$, $\epsilon \bullet \epsilon = \epsilon$, and:

$$ s\,m_A^{\bar b} \parallel t \;\triangleq\; (s \parallel t)\, m_A^{\,s m_A^{\bar b} \bullet\, t} \,,\qquad
   s\,m_B^{\bar b} \parallel t\,m_B^{\bar c} \;\triangleq\; (s \parallel t)\, m_B^{\,s m_B^{\bar b} \bullet\, t m_B^{\bar c}} \,,\qquad
   s \parallel t\,m_C^{\bar c} \;\triangleq\; (s \parallel t)\, m_C^{\,s \bullet\, t m_C^{\bar c}} \,, $$

[the clauses defining $s \bullet t$, which distinguish the cases $m_{A(P)}$, $m_{A(O)}$, $m_{B(P)}$, $m_{B(O)}$, $m_{C(P)}$, $m_{C(O)}$ of the last move, are not recoverable from the extraction]

where $\bar b_s$ is the name-list of the last move in $s$, and $\bar b'$ is the name-list of $m_{A(O)}$'s justifier inside $s \parallel t$; similarly for $\bar c_t$ and $\bar c'$.

The composite of $s$ and $t$ is:

$$ s ; t \;=\; (s \parallel t) \restriction AC \,. $$

The set of interaction sequences of $A,B,C$ is defined as:

$$ \mathrm{ISeq}(A,B,C) \;=\; \{ s \parallel t \mid s \in P_{A \to B} \land t \in P_{B \to C} \land s \asymp t \} \,. \qquad ▲ $$

When composing compatible plays $s$ and $t$, although their parts appearing in the common component ($B$) are hidden, the names appearing in (the support of) $s$ and $t$ are not lost but rather propagated to the output components ($A$ and $C$). This is shown in the following lemma (the proof of which is tedious but not difficult, see [48]).

Lemma 4.12. Let $s \asymp t$ with $s \in P_{A \to B}$ and $t \in P_{B \to C}$.

(a) If $s \parallel t$ ends in a generalised P-move $m^{\bar b}$ then $\bar b$ contains as a prefix the name-list of $(s \parallel t).{-2}$. It possibly contains some other names, all of which are fresh for $(s \parallel t)^-$.

(b) If $s;t$ ends in a P-move $m^{\bar b}$ then $\bar b$ contains as a prefix the name-list of $(s;t).{-2}$. It possibly contains some other names, all of which are fresh for $(s;t)^-$.

(c) If $s \parallel t$ ends in a move $m^{\bar b}$ then $\bar b$ contains as a prefix the name-list of the move explicitly justifying $m^{\bar b}$.

(d) If $s = s'm^{\bar b}$ ends in $A$ and $t$ in $B$ then $\bar b \preceq s \bullet t$; if $s = s'm^{\bar b}$ and $t = t'm^{\bar c}$ end in $B$ then $\bar b \preceq s \bullet t$ and $\bar c \preceq s \bullet t$; if $s$ ends in $B$ and $t = t'm^{\bar c}$ in $C$ then $\bar c \preceq s \bullet t$.

(e) $S(s) \cup S(t) = S(s \parallel t) = S(s;t) \cup S(s \bullet t)$. $\square$

Proposition 4.13 (Plays compose). If $s \in P_{A \to B}$ and $t \in P_{B \to C}$ with $s \asymp t$, then $s;t \in P_{A \to C}$.

Proof: We skip visibility and well-bracketing, as these follow from ordinary CBV game analysis. It remains to show that the name change conditions hold for $s;t$. (NC3) clearly does by definition, while (NC1) is part (b) of the previous lemma.

For (NC2), let $s;t$ end in some P-move $m^{s \bullet t}$ and suppose $a \in S(m^{s \bullet t})$ and $a \,\#\, (s;t)^-$. Suppose wlog that $s = s'm^{\bar b}$, and so $(s;t)^- = s';t$. Now, if $a \,\#\, s' \bullet t$ then, by part (e) of the previous lemma, $a \,\#\, s', t$ and therefore $a \in \bar b$, by (NC2) of $s$. By part (d) then, $a \in S(s \bullet t)$. Otherwise, $a \in S(s' \bullet t)$ and hence, by part (a), $a \in S(s \bullet t)$. $\square$

We now proceed to composition of strategies. Recall that we write $\sigma : A \to B$ if $\sigma$ is a strategy on the prearena $A \to B$.

Definition 4.14. For strategies $\sigma : A \to B$ and $\tau : B \to C$, their composition is defined as

$$\sigma ; \tau = \{\, [s ; t] \mid [s] \in \sigma \wedge [t] \in \tau \wedge s \asymp t \,\},$$

and is a candidate strategy on $A \to C$. ▲

Note that, for any sequence $u$, if $[u] \in \sigma;\tau$ then $u = \pi \circ (s;t) = (\pi \circ s) ; (\pi \circ t)$ for some $[s] \in \sigma$, $[t] \in \tau$, $s \asymp t$ and $\pi$. Therefore, we can always assume $u = s;t$ with $[s] \in \sigma$, $[t] \in \tau$ and $s \asymp t$. Our next aim is to show that composites of strategies are indeed strategies. Again, the proofs of the following technical lemmata are omitted for economy (but see [48]).

Lemma 4.15. For plays $s_1 \asymp t_1$ and $s_2 \asymp t_2$, if $s_1 \parallel t_1 = s_2 \parallel t_2$ then $s_1 = s_2$ and $t_1 = t_2$. Hence, if $s_1 \parallel t_1 \le s_2 \parallel t_2$ then $s_1 \le s_2$ and $t_1 \le t_2$. □

Lemma 4.16. Let $\sigma : A \to B$ and $\tau : B \to C$ be strategies with $[s_1], [s_2] \in \sigma$ and $[t_1], [t_2] \in \tau$. If $|s_1 \parallel t_1| \le |s_2 \parallel t_2|$ and $[s_1 ; t_1] = [s_2 ; t_2]$ then there exists some $\pi$ such that $\pi \circ (s_1 \parallel t_1) \le s_2 \parallel t_2$. □

Proposition 4.17 (Strategies compose). If $\sigma : A \to B$ and $\tau : B \to C$ are strategies then so is $\sigma ; \tau$.

Proof: By definition and proposition 4.13, $\sigma ; \tau$ contains equivalence classes of plays. We also need to check prefix closure, contingency completeness and determinacy. The former two are rather straightforward, so we concentrate on the latter.

Assume even-length $[u_1 x_1], [u_2 x_2] \in \sigma;\tau$ with $[u_1] = [u_2]$, say $u_i x_i = s_i ; t_i$, $[s_i] \in \sigma$ and $[t_i] \in \tau$, $i = 1,2$. By prefix-closure of $\sigma, \tau$ we may assume that $s_i, t_i$ don't both end in $B$, for $i = 1,2$.

If the $s_i$ end in $A$ then $s_i = s_i' n_i^{b_i}$ and $s_i ; t_i = (s_i' ; t_i)\, n_i^{b_i}$, $i = 1,2$. Now, $[s_1' ; t_1] = [u_1] = [u_2] = [s_2' ; t_2]$, so, by lemma 4.16 and assuming wlog that $|s_1' \parallel t_1| \le |s_2' \parallel t_2|$, we have $\pi \circ (s_1' \parallel t_1) \le (s_2' \parallel t_2)$, $\therefore$ $\pi \circ s_1' \le s_2'$, say $s_2' = s_2'' s_2'''$ with $s_2'' = \pi \circ s_1'$ and $s_2'''$ in $B$. Then $[s_2''] = [s_1']$, $\therefore$ $[s_2''\,(s_2''' n_2^{b_2}).1] = [s_1' n_1^{b_1}]$, by determinacy of $\sigma$, and hence $|s_2'''| = 0$, $s_2' = \pi \circ s_1'$ and $t_2 = \pi \circ t_1$. Moreover, $\pi' \circ s_1' n_1^{b_1} = s_2' n_2^{b_2}$, for some permutation $\pi'$. Now we can apply the Strong Support Lemma, as (C1) implies $(S(n_1^{b_1}) \setminus S(s_1')) \cap S(t_1) = \emptyset$. Hence, there exists a permutation $\pi''$ such that $\pi'' \circ s_1 = s_2$ and $\pi'' \circ t_1 = t_2$, $\therefore$ $[s_1 ; t_1] = [s_2 ; t_2]$, as required.

If the $s_i$ end in $B$ and the $t_i$ in $C$, then we work similarly as above. These are, in fact, the only cases we need to check. Because if, say, $s_2, t_1$ end in $B$, $s_1$ in $A$ and $t_2$ in $C$ then $t_1, s_2$ end in P-moves and $[s_1^{-} ; t_1] = [s_2 ; t_2^{-}]$ implies that $s_1^{-}, t_2^{-}$ end in O-moves in $B$. If, say, $|s_1^{-} \parallel t_1| \le |s_2 \parallel t_2^{-}|$ then we have, by lemma 4.16, $\pi \circ s_1^{-} \le s_2$, for some permutation $\pi$. So if $\pi \circ s_1^{-} = s_2'$ and $s_2 = s_2' s_2''$, determinacy of $\sigma$ dictates that $s_2''.1$ be in $A$, contradicting $|s_1 ; t_1| = |s_2 ; t_2|$ and $s_2 ; t_2$ ending in $C$. □

In order to obtain a category of nominal games, we still need to show that strategy composition is associative. We omit the (rather long) proof and refer the interested reader to

Proposition 4.18. For any $\sigma : A \to B$, $\sigma_1 : A' \to A$ and $\sigma_3 : B \to B'$,

$$\mathrm{id}_A ; \sigma = \sigma = \sigma ; \mathrm{id}_B \;\wedge\; (\sigma_1 ; \sigma) ; \sigma_3 = \sigma_1 ; (\sigma ; \sigma_3). \quad □$$



Definition 4.19. The category $\mathcal{G}$ of nominal games contains nominal arenas as objects and nominal strategies as arrows. ▲

In the rest of this section let us examine more closely the proof of proposition 4.17, in order to identify where exactly strong support is needed, and for which reasons the nominal games model of [2] is flawed.

Remark 4.20 (The need for strong support). The nominal games presented here differ from those of [2] crucially in one aspect; namely, the modelling of local state. In [2] local state is modelled by finite sets of names, so a move-with-names is a move attached with a finite set of names, and other definitions differ accordingly. The problem is that thus determinacy is not preserved by strategy composition: information separating freshly created names may be hidden by composition and hence a composite strategy may break determinacy by distinguishing between composite plays that are equivalent.

In particular, in the proof of determinacy above we first derived from $[s_1' ; t_1] = [s_2' ; t_2]$ that there exists some $\pi$ so that $\pi \circ s_1' = s_2'$ and $\pi \circ t_1 = t_2$, by appealing to lemma 4.16; in the (omitted) proof of that lemma, the Strong Support Lemma needs to be used several times. In fact, the statement

$$|s_1' \parallel t_1| \le |s_2' \parallel t_2| \;\wedge\; [s_1' ; t_1] = [s_2' ; t_2] \implies \exists \pi.\ \pi \circ s_1' = s_2' \wedge \pi \circ t_1 = t_2$$

does not hold in a weak support setting such as that of [2]. For take some $i \in \omega$ and consider the following AGMOS-strategies (i.e. strategies of [2]): $\sigma$, with plays $[* \, a^{\{a,b\}}]$ for $a, b \in \mathbb{A}_i$, and

$$\tau : \mathbb{A}_i \to \mathbb{A}_i \Rightarrow \mathbb{A}_i = \{\, [a * c\, a] \mid a, c \in \mathbb{A}_i \,\}.$$

Then,

$$[* \, a^{\{a,b\}} ; a * b] = [* \, *^{\{a,b\}} b^{\{a,b\}}] = [* \, *^{\{a,b\}} a^{\{a,b\}}] = [* \, a^{\{a,b\}} ; a * a],$$

yet for no $\pi$ do we have $\pi \circ (* \, a^{\{a,b\}}) = * \, a^{\{a,b\}}$ and $\pi \circ (a * b) = a * a$. As a result, determinacy fails for $\sigma ; \tau$ since both $[* \, *^{\{a,b\}} b^{\{a,b\}} a^{\{a,b\}}], [* \, *^{\{a,b\}} a^{\{a,b\}} a^{\{a,b\}}] \in \sigma ; \tau$.

Another point where we used the Strong Support Lemma in the proof of determinacy was in showing (the dual of):

$$\exists \pi, \pi'.\ \pi \circ (s_1, t_1') = (s_2, t_2') \wedge \pi' \circ t_1' n_1^{b_1} = t_2' n_2^{b_2} \implies \exists \pi''.\ \pi'' \circ (s_1, t_1' n_1^{b_1}) = (s_2, t_2' n_2^{b_2})$$

i.e.

$$[s_1, t_1'] = [s_2, t_2'] \wedge [t_1' n_1^{b_1}] = [t_2' n_2^{b_2}] \implies [s_1, t_1' n_1^{b_1}] = [s_2, t_2' n_2^{b_2}].$$

The above statement does not hold for AGMOS-games. To show this, we need to introduce (footnote below) the flat arena $\mathbb{A}_i \oplus \mathbb{A}_i$ with $M_{\mathbb{A}_i \oplus \mathbb{A}_i} = \mathcal{P}_2(\mathbb{A}_i)$ (the set of 2-element subsets of $\mathbb{A}_i$). This is not a legal arena in our setting, since its moves are not strongly supported, but it is in the AGMOS setting. Consider the following strategies.

$$\sigma : \mathbb{A}_i \otimes \mathbb{A}_i \to \mathbb{A}_i \oplus \mathbb{A}_i = \{\, [(a,b)\,\{a,b\}] \mid a, b \in \mathbb{A}_i \wedge a \neq b \,\}$$

$$\tau : \mathbb{A}_i \oplus \mathbb{A}_i \to \mathbb{A}_i = \{\, [\{a,b\}\, a] \mid a, b \in \mathbb{A}_i \wedge a \neq b \,\}$$

We have that $[(a,b)\{a,b\}, \{a,b\}] = [(a,b)\{a,b\}, \{a,b\}]$ and $[\{a,b\}\, a] = [\{a,b\}\, b]$, yet

$$[(a,b)\{a,b\}, \{a,b\}\, a] \neq [(a,b)\{a,b\}, \{a,b\}\, b].$$

In fact, determinacy is broken since $[(a,b)\, a], [(a,b)\, b] \in \sigma ; \tau$. ▲



(Footnote.) This is because our presentation of nominal games does not include plays and strategies with non-empty initial local state. In the AGMOS setting we could have used to the same effect the $\{a,b\}$-strategies:

$$\sigma : \mathbb{A}_i \otimes \mathbb{A}_i \to 1 \triangleq \{\, [(a,b)^{\{a,b\}}\, *^{\{a,b\}}] \,\}, \qquad \tau : 1 \to \mathbb{A}_i \triangleq \{\, [*^{\{a,b\}}\, a^{\{a,b\}}] \,\}.$$
4.2. Arena and strategy orders in $\mathcal{G}$. $\mathcal{G}$ is the raw material from which several subcategories of nominal games will emerge. Still, though, there is structure in $\mathcal{G}$ which will be inherited by the refined subcategories we will consider later on. In particular, we consider (subset) orderings for arenas and strategies, the latter enriching $\mathcal{G}$ over Cpo (footnote below). These will prove useful for solving domain equations in categories of nominal games.

Definition 4.21. For any arenas $A, B$ and each $\sigma, \tau \in \mathcal{G}(A,B)$ define $\sigma \sqsubseteq \tau \iff \sigma \subseteq \tau$. For each $\sqsubseteq$-increasing sequence $(\sigma_i)_{i \in \omega}$ take $\bigsqcup_i \sigma_i = \bigcup_i \sigma_i$. ▲

It is straightforward to see that each such $\bigsqcup_i \sigma_i$ is indeed a strategy: prefix closure, contingency completeness and determinacy easily follow from the fact that the sequences we consider are $\sqsubseteq$-increasing. Hence, each $\mathcal{G}(A,B)$ is a cpo with least element the empty strategy (i.e. the one containing only $[\epsilon]$). More than that, these cpo's enrich $\mathcal{G}$.

Proposition 4.22. $\mathcal{G}$ is Cpo-enriched wrt $\sqsubseteq$.

Proof: Enrichment amounts to showing the following straightforward assertions.

$$\sigma \sqsubseteq \sigma' \wedge \tau \sqsubseteq \tau' \implies \sigma ; \tau \sqsubseteq \sigma' ; \tau'$$

$$(\sigma_i)_{i \in \omega} \text{ an } \omega\text{-chain} \implies \Big(\bigsqcup_i \sigma_i\Big) ; \tau \sqsubseteq \bigsqcup_i (\sigma_i ; \tau)$$

$$(\tau_i)_{i \in \omega} \text{ an } \omega\text{-chain} \implies \sigma ; \Big(\bigsqcup_i \tau_i\Big) \sqsubseteq \bigsqcup_i (\sigma ; \tau_i) \quad □$$
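The second assertion, carried through in the notation of definitions 4.14 and 4.21 (a worked step added here, not part of the original proof):

$$\begin{aligned}
[u] \in \Big(\bigsqcup_i \sigma_i\Big) ; \tau
&\iff \exists s, t.\ u = s ; t \wedge s \asymp t \wedge [s] \in \bigcup_i \sigma_i \wedge [t] \in \tau \\
&\iff \exists k.\ \exists s, t.\ u = s ; t \wedge s \asymp t \wedge [s] \in \sigma_k \wedge [t] \in \tau \\
&\iff \exists k.\ [u] \in \sigma_k ; \tau \\
&\iff [u] \in \bigcup_i (\sigma_i ; \tau) = \bigsqcup_i (\sigma_i ; \tau),
\end{aligned}$$

where the first step uses the note following definition 4.14 (we may take $u = s;t$ itself), the second uses $\bigsqcup_i \sigma_i = \bigcup_i \sigma_i$, and the last uses that $(\sigma_i ; \tau)_{i \in \omega}$ is $\sqsubseteq$-increasing by the first assertion. Thus $(\bigsqcup_i \sigma_i) ; \tau$ and $\bigsqcup_i (\sigma_i ; \tau)$ in fact coincide, which gives the stated $\sqsubseteq$; the third assertion is symmetric.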

On the other hand, arenas are structured sets and hence also ordered by a 'subset relation'.

Definition 4.23. For any $A, B \in \mathrm{Ob}(\mathcal{G})$ define

$$A \trianglelefteq B \iff M_A \subseteq M_B \wedge I_A \subseteq I_B \wedge \lambda_A \subseteq \lambda_B \wedge {\vdash_A} \subseteq {\vdash_B},$$

and for any $\trianglelefteq$-increasing sequence $(A_i)_{i \in \omega}$ define $\bigsqcup_{i \in \omega} A_i$ accordingly.

If $A \trianglelefteq B$ then we can define an embedding-projection pair of arrows by setting:

$$\mathrm{incl}_{A,B} : A \to B = \{\, [s] \in [P_{A \to B}] \mid [s] \in \mathrm{id}_A \vee (\mathrm{odd}(|s|) \wedge [s^{-}] \in \mathrm{id}_A) \,\},$$

$$\mathrm{proj}_{B,A} : B \to A \triangleq \{\, [s] \in [P_{B \to A}] \mid [s] \in \mathrm{id}_A \vee (\mathrm{odd}(|s|) \wedge [s^{-}] \in \mathrm{id}_A) \,\}.$$

There is also an indexed version of $\trianglelefteq$, for any $k \in \mathbb{N}$,

$$A \trianglelefteq_k B \iff A \trianglelefteq B \wedge \{\, m \in M_B \mid \mathrm{level}(m) \le k \,\} \subseteq M_A. \quad ▲$$

It is straightforward to see that $\bigsqcup_{i \in \omega} A_i$ is well-defined, and that $\trianglelefteq$ forms a cpo on $\mathrm{Ob}(\mathcal{G})$ with least element the empty arena $0$. By $\mathrm{incl}_{A,B}$ and $\mathrm{proj}_{B,A}$ being an embedding-projection pair we mean that:

$$\mathrm{incl}_{A,B} ; \mathrm{proj}_{B,A} = \mathrm{id}_A \;\wedge\; \mathrm{proj}_{B,A} ; \mathrm{incl}_{A,B} \sqsubseteq \mathrm{id}_B \qquad (4.3)$$

(Footnote.) By cpo we mean a partially ordered set with least element and least upper bounds for increasing $\omega$-sequences. Cpo is the category of cpos and continuous functions.

Note that in essence both $\mathrm{incl}_{A,B}$ and $\mathrm{proj}_{B,A}$ are equal to $\mathrm{id}_A$, the latter seen as a partially defined strategy on prearenas $A \to B$ and $B \to A$. Finally, it is easy to show the following.

$$A \trianglelefteq B \trianglelefteq C \implies \mathrm{incl}_{A,B} ; \mathrm{incl}_{B,C} = \mathrm{incl}_{A,C} \qquad (\mathrm{TRN})$$

4.3. Innocence: the category $\mathcal{V}$. In game semantics for pure functional languages (e.g. PCF [18]), the absence of computational effects corresponds to innocence of the strategies. Here, although our aim is to model a language with effects, our model will use innocent strategies: the effects will still be achieved, by using monads.

Innocence is the condition stipulating that the strategies be completely determined by their behaviour on P-views. In our current setting the manipulation of P-views presents some difficulties, since P-views of plays need not be plays themselves. For example, the P-view of the play depicted in the figure (where curved lines represent justification pointers) is $* \, (*,*) \, * \, a$ and violates (NC2). Consequently, we need to explicitly impose innocence on plays.

[Figure: a play on an arena of the form $1_\perp \otimes \mathbb{A}_i$, with moves $*$, $(*,*)$, $*$, $a$ (labelled OQ, PA) and justification pointers; its P-view is $* \, (*,*) \, * \, a$.]

Definition 4.24. A legal sequence $s$ is an innocent play if $s.1$ has empty name-list and $s$ also satisfies the following Name Change Conditions:

(NC1) The name-list of a P-move $x$ in $s$ contains as a prefix the name-list of the move preceding it. It possibly contains some other names, all of which are fresh for $s_{<x}$.

(NC2') Any name in the support of a P-move $x$ in $s$ that is fresh for $\ulcorner s_{<x} \urcorner$ is contained in the name-list of $x$.

(NC3) The name-list of a non-initial O-move in $s$ is that of the P-move justifying it.

The set of innocent plays of $A$ is denoted by $P^{\mathrm{inn}}_A$. ▲

It is not difficult to show now that a play $s$ is innocent iff, for any $t \le s$, $\ulcorner t \urcorner$ is a play. We can obtain the following characterisation of name-introduction in innocent plays.

Proposition 4.25 (Name-introduction). Let $s$ be an innocent play. A name $a$ is introduced by Player in $s$ iff there exists a P-move $x$ in $s$ such that $a \in S(x)$ and $a \mathrel{\#} \ulcorner s_{<x} \urcorner$.

Proof: If $a$ is introduced by a P-move $x$ in $s$ then $a \in \mathrm{nlist}(x)$ and $a \mathrel{\#} \mathrm{nlist}(s_{<x}.{-1})$, hence, by (NC1), $a \mathrel{\#} s_{<x}$ so $a \mathrel{\#} \ulcorner s_{<x} \urcorner$. Conversely, if $a \in S(x)$ and $a \mathrel{\#} \ulcorner s_{<x} \urcorner$ then, by (NC2'), $a \in \mathrm{nlist}(x)$, while $a \mathrel{\#} \ulcorner s_{<x} \urcorner$ implies $a \mathrel{\#} \mathrm{nlist}(s_{<x}.{-1})$. □

Innocent plays are closed under composition (proof omitted, v. [48]).

Proposition 4.26. If $s \in P_{A \to B}$, $t \in P_{B \to C}$ are innocent and $s \asymp t$ then $s ; t$ is innocent. □

We now move on to innocent strategies and show some basic properties.

Definition 4.27. A strategy $\sigma$ is an innocent strategy if $[s] \in \sigma$ implies that $s$ is innocent, and if even-length $[s_1 x_1] \in \sigma$ and odd-length $[s_2] \in \sigma$ have $[\ulcorner s_1 \urcorner] = [\ulcorner s_2 \urcorner]$ then there exists $x_2$ such that $[s_2 x_2] \in \sigma$ and $[\ulcorner s_1 x_1 \urcorner] = [\ulcorner s_2 x_2 \urcorner]$. ▲

Lemma 4.28. Let $\sigma$ be an innocent strategy.

(1) If $[s] \in \sigma$ then $[\ulcorner s \urcorner] \in \sigma$.

(2) If $sy$ is an even-length innocent play and $[s], [\ulcorner s y \urcorner] \in \sigma$ then $[sy] \in \sigma$.

(3) If $\ulcorner s \urcorner y$ is even-length with $\mathrm{nlist}(y) = \mathrm{nlist}(s.{-1})$ and $[s], [\ulcorner s \urcorner y] \in \sigma$ then $[sy] \in \sigma$.

(4) If $s$ is an even-length innocent play and, for any $s' \le_{\mathrm{even}} s$, $[\ulcorner s' \urcorner] \in \sigma$ then $[s] \in \sigma$.

Proof: For (1) we do induction on $|s|$. The base case is trivial. Now, if $s = s'y$ with $y$ a P-move then $\ulcorner s \urcorner = \ulcorner s' \urcorner y$ and $[\ulcorner s' \urcorner] \in \sigma$ by prefix closure and IH. By innocence, there exists $y'$ such that $[\ulcorner s' \urcorner y'] \in \sigma$ and $[\ulcorner s' \urcorner y'] = [\ulcorner s' y \urcorner]$, so done. If $s = s_1 y s_2 x$ and $x$ an O-move justified by $y$ then $[\ulcorner s_1 y \urcorner] \in \sigma$ by prefix closure and IH, hence $[\ulcorner s_1 y \urcorner x] \in \sigma$ by contingency completeness.

For (2) note that by innocence we have $[sy'] \in \sigma$ for some $y'$ such that $[\ulcorner s y' \urcorner] = [\ulcorner s y \urcorner]$. Then,

$$[\ulcorner s \urcorner, y] = [\ulcorner s \urcorner, y'] \;\wedge\; [\ulcorner s \urcorner, s] = [\ulcorner s \urcorner, s] \;\wedge\; (S(y) \setminus S(\ulcorner s \urcorner)) \cap S(s) = (S(y') \setminus S(\ulcorner s \urcorner)) \cap S(s) = \emptyset.$$

Thus we can apply the strong support lemma and get $[sy] = [sy']$, as required.

For (3) it suffices to show that $sy$ is an innocent play. As $s, \ulcorner s \urcorner y$ are plays, it suffices to show that $sy$ satisfies the name conditions at $y$. (NC3) and (NC2') hold because $\ulcorner s \urcorner y$ is a play. (NC1) also holds, as $y$ is non-introducing.

For (4) we do induction on $|s|$. The base case is encompassed in $\ulcorner s \urcorner = s$, which is trivial. For the inductive step, let $s = s^{-} x$ with $\ulcorner s \urcorner \neq s$. By IH and contingency completeness we have $[s^{-}] \in \sigma$, and since $[\ulcorner s \urcorner] \in \sigma$, by (2), $[s] \in \sigma$. □

We can now show that innocent strategies are closed under composition (details in [48]).

Proposition 4.29. If $\sigma : A \to B$, $\tau : B \to C$ are innocent strategies then so is $\sigma ; \tau$. □

Definition 4.30. $\mathcal{V}$ is the lluf subcategory of $\mathcal{G}$ of innocent strategies. ▲

Henceforth, when we consider plays and strategies we presuppose them to be innocent.

Viewfunctions. We argued previously that innocent strategies are specified by their behaviour on P-views. We formalise this argument by representing innocent strategies by viewfunctions.

Definition 4.31. Let $A$ be a prearena. A viewfunction $f$ on $A$ is a set of equivalence classes of innocent plays of $A$ which are even-length P-views, satisfying:

• Even-prefix closure: If $[s] \in f$ and $t$ is an even-length prefix of $s$ then $[t] \in f$.

• Single-valuedness: If $[s_1 x_1], [s_2 x_2] \in f$ and $[s_1] = [s_2]$ then $[s_1 x_1] = [s_2 x_2]$.

Let $\sigma$ be an innocent strategy and let $f$ be a viewfunction. Then, we can define a corresponding viewfunction and a strategy by:

$$\mathrm{viewf}(\sigma) = \{\, [s] \in \sigma \mid |s| \text{ even} \wedge \ulcorner s \urcorner = s \,\}, \qquad \mathrm{strat}(f) = \bigcup_n \mathrm{strat}_n(f),$$

where $\mathrm{strat}_0(f) = \{[\epsilon]\}$ and:

$$\mathrm{strat}_{2n+1}(f) = \{\, [sx] \mid sx \in P^{\mathrm{inn}}_A \wedge [s] \in \mathrm{strat}_{2n}(f) \,\},$$

$$\mathrm{strat}_{2n+2}(f) = \{\, [sy] \mid sy \in P^{\mathrm{inn}}_A \wedge [s] \in \mathrm{strat}_{2n+1}(f) \wedge [\ulcorner s y \urcorner] \in f \,\}. \quad ▲$$

Note in the above definition that, for any even-length $s$, $[s] \in \mathrm{strat}(f)$ implies $[\ulcorner s \urcorner] \in f$. We can show that the conversion functions are well-defined inverses.

Proposition 4.32. For any innocent strategy $\sigma$, $\mathrm{viewf}(\sigma)$ is a viewfunction. Conversely, for any viewfunction $f$, $\mathrm{strat}(f)$ is an innocent strategy. Moreover,

$$f = \mathrm{viewf}(\mathrm{strat}(f)) \;\wedge\; \sigma = \mathrm{strat}(\mathrm{viewf}(\sigma)). \quad □$$



Recall the subset ordering $\sqsubseteq$ of strategies given in definition 4.21. It is easy to see that the ordering induces a cpo on innocent strategies and that $\mathcal{V}$ is Cpo-enriched. We can also show the following.

Corollary 4.33. For all viewfunctions $f, g$ and innocent strategies $\sigma, \tau$,

(1) $f \sqsubseteq \mathrm{strat}(f)$,

(2) $\sigma \sqsubseteq \tau \iff \mathrm{viewf}(\sigma) \sqsubseteq \mathrm{viewf}(\tau)$, $\quad f \sqsubseteq g \iff \mathrm{strat}(f) \sqsubseteq \mathrm{strat}(g)$,

(3) $\mathrm{viewf}(\sigma) \sqsubseteq \tau \wedge \mathrm{viewf}(\tau) \sqsubseteq \sigma \implies \sigma = \tau$.

Moreover, $\sqsubseteq$ yields a cpo on viewfunctions, and $\mathrm{viewf}$ and $\mathrm{strat}$ are continuous with respect to $\sqsubseteq$. □

Notation 4.34 (Diagrams of viewfunctions). We saw previously that innocent strategies can be represented by their viewfunctions. A viewfunction is a set of (equivalence classes of) plays, so the formal way to express such a construction is explicitly as a set. For example, we have that

$$\mathrm{viewf}(\mathrm{id}_A) = \{\, [s\, m^{(1)} m^{(2)}] \mid [s] \in \mathrm{viewf}(\mathrm{id}_A) \wedge (m \in I_A \vee (s.{-1} \vdash_A m^{(1)} \wedge s.{-2} \vdash_A m^{(2)})) \,\}.$$

The above behaviour is called copycat (v. [3]) and is perhaps the most focal notion in game semantics.

A more convenient way to express viewfunctions is by means of diagrams. For example, for $\mathrm{id}_A$ we can have the following depiction.

[Diagram: $\mathrm{id}_A : A \to A$, showing the two $i_A$'s (labelled OQ and PA) joined by a copycat link.]

The polygonal line in the above depiction stands for a copycat link, meaning that the strategy copycats between the two $i_A$'s. A more advanced example of this notation is the strategy in the middle below.

[Three diagrams: on the left, the arena $A \Rightarrow B$ (moves $1_\perp$, $i_A$, $A^{-}$, $B$); in the middle, the strategy $h_{A,B}$ on $(A \Rightarrow B) \otimes A$ (moves labelled OQ, PA, OQ, PQ, with copycat links); on the right, $h_{A,B}$ depicted by cases.]

Note first that curved lines (and also the line connecting the two $*$'s) stand for justification pointers. Moreover, recall that the arena $A \Rightarrow B$ has the form given on the left above, so the leftmost $i_A$ ($1\text{-}i_A$) in the diagram of $h_{A,B}$ has two child components, $A^{-}$ and $B$. Then, the copycat links starting from $1\text{-}i_A$ have the following meaning. $h_{A,B}$ copycats between the $A^{-}$-component of $1\text{-}i_A$ and the other $i_A$, and copycats also between the $B$-component of $1\text{-}i_A$ and the lower $*$. That is (modulo prefix-closure),

$$h_{A,B} = \mathrm{strat}\{\, [(*, i_A) \, * \, * \, i_A \, s] \mid [i_A \, i_A \, s] \in \mathrm{viewf}(\mathrm{id}_A) \vee [s] \in \mathrm{viewf}(\mathrm{id}_B) \,\}.$$

Another way to depict $h_{A,B}$ is by cases with regard to Opponent's next move after $1\text{-}i_A$, as seen on the right diagram above.

Finally, we will sometimes label copycat links by strategies (e.g. in the proof of proposition 4.42). Labelling a copycat link by a strategy $\sigma$ means that the specified strategy plays like $\sigma$ between the linked moves, instead of doing copycat. In this sense, ordinary copycat links can be seen as links labelled with identities.



4.4. Totality: the category $\mathcal{V}_t$. We introduce the notion of total strategies, specifying those strategies which immediately answer initial questions without introducing fresh names. We extend this type of reasoning to level-1 moves, yielding several subclasses of innocent strategies. Note that an arena $A$ is pointed if $I_A$ is a singleton.

Definition 4.35. An innocent strategy $\sigma : A \to B$ is total if for any $[i_A] \in \sigma$ there exists $[i_A \, i_B] \in \sigma$. A total strategy $\sigma : A \to B$ is:

• l4 if whenever $[s] \in \sigma$ and $s.{-1} \in J_A$ then $|\ulcorner s \urcorner| = 4$,

• t4 if for any $[i_A \, i_B \, j_B] \in \sigma$ there exists $[i_A \, i_B \, j_B \, j_A] \in \sigma$,

• tl4 if it is both t4 and l4,

• ttotal if it is tl4 and for any $[i_A \, i_B \, j_B] \in \sigma$ there exists $[i_A \, i_B \, j_B \, j_A] \in \sigma$.

A total strategy $\tau : C \otimes A \to B$ is:

• l4* if whenever $[s] \in \tau$ and $s.{-1} \in J_A$ then $|\ulcorner s \urcorner| = 4$,

• t4* if for any $[(i_C, i_A) \, i_B \, j_B] \in \tau$ there exists $[(i_C, i_A) \, i_B \, j_B \, j_A] \in \tau$,

• tl4* if it is both t4* and l4*.

We let $\mathcal{V}_t$ be the lluf subcategory of $\mathcal{V}$ of total strategies, and $\mathcal{V}_{tt}$ its lluf subcategory of ttotal strategies. $\mathcal{V}_{t*}$ and $\mathcal{V}_{tt*}$ are the full subcategories of $\mathcal{V}_t$ and $\mathcal{V}_{tt}$ respectively containing pointed arenas. ▲

The above subclasses of strategies will be demystified in the sequel. For now, we show a technical lemma. Let us define, for each arena $A$, the diagonal strategy $\Delta_A$ as follows.

$$\Delta_A : A \to A \otimes A = \mathrm{strat}\{\, [i_A \, (i_A, i_A) \, s] \mid [i_A \, i_A \, s] \in \mathrm{viewf}(\mathrm{id}_A) \,\} \qquad (4.4)$$

Lemma 4.36 (Separation of Head Occurrence). Let $A$ be a pointed arena and let $f : A \to B$ be a t4 strategy. There exists a tl4* strategy $\tilde f : A \otimes A \to B$ such that $f = \Delta ; \tilde f$.

Proof: Let us tag the two copies of $A$ in $A \otimes A$ as $A_{(1)}$ and $A_{(2)}$, and take

$$\tilde f = \mathrm{strat}\{\, [(i_A, i_A) \, i_B \, j_B \, j_A^{(2)} \, s] \mid [i_A \, i_B \, j_B \, j_A \, s] \in' \mathrm{viewf}(f) \wedge \forall i.\ s.i \notin J_{A_{(2)}} \,\},$$

where $\in'$ is the composition of de-indexing from $M_{A_{(1)}}$ and $M_{A_{(2)}}$ to $M_A$ with $\in$. Intuitively, $\tilde f$ plays the first $J_A$-move of $f$ in $A_{(2)}$, and then mimics $f$ until the next $J_A$-move of $f$, which is played in $A_{(1)}$. All subsequent $J_A$-moves are also played in $A_{(1)}$. Clearly, $\tilde f$ is tl4* and $f = \Delta ; \tilde f$. □
We proceed to examine $\mathcal{V}_t$. Eventually, we will see that it contains finite products and that it contains some exponentials, and that lifting promotes to a functor.

Lifting and product. We first promote the lifting and tensor arena-constructions to functors. In the following definition recall $\mathcal{L}$ from notation 4.6 and note that we write $\mathcal{L}(m) \mathrel{\#} m'$ for $\mathcal{L}(m) \cap S(m') = \emptyset$.

Definition 4.37. Let $f : A \to A'$, $g : B \to B'$ in $\mathcal{V}_t$. Define the arrows

$$\begin{aligned}
f \otimes g = \mathrm{strat}\{\, [(i_A, i_B) \, (i_{A'}, i_{B'}) \, s] \mid\ & ([i_A \, i_{A'} \, s] \in \mathrm{viewf}(f) \wedge [i_B \, i_{B'}] \in g \wedge \mathcal{L}(i_A \, i_{A'} \, s) \mathrel{\#} i_B) \\
\vee\ & ([i_B \, i_{B'} \, s] \in \mathrm{viewf}(g) \wedge [i_A \, i_{A'}] \in f \wedge \mathcal{L}(i_B \, i_{B'} \, s) \mathrel{\#} i_A) \,\},
\end{aligned}$$

$$f_\perp = \mathrm{strat}\{\, [* \, *' \, *' \, * \, s] \mid [s] \in \mathrm{viewf}(f) \,\},$$

of types $f \otimes g : A \otimes B \to A' \otimes B'$ and $f_\perp : A_\perp \to A'_\perp$. ▲

Let us give an informal description of the above constructions:

• $f_\perp : A_\perp \to A'_\perp$ initially plays a sequence of asterisks $[* \, *' \, *' \, *]$ and then continues playing like $f$.

• $f \otimes g : A \otimes B \to A' \otimes B'$ answers initial moves $[(i_A, i_B)]$ with $f$'s answer to $[i_A]$ and $g$'s answer to $[i_B]$. Then, according to whether Opponent plays in $J_{A'}$ or in $J_{B'}$, Player plays like $f$ or like $g$ respectively.

Note that $f_\perp$ is always ttotal. We can show the following.

Proposition 4.38. $\_ \otimes \_ : \mathcal{V}_t \times \mathcal{V}_t \to \mathcal{V}_t$ and $(\_)_\perp : \mathcal{V}_t \to \mathcal{V}_{tt*}$ are functors. □

Moreover, $\otimes$ yields products and hence $\mathcal{V}_t$ is cartesian.

Proposition 4.39. $\mathcal{V}_t$ is cartesian: $1$ is a terminal object and $\otimes$ is a product constructor.

Proof: Terminality of $1$ is clear. Moreover, it is straightforward to see that $\otimes$ yields a symmetric monoidal structure on $\mathcal{V}_t$, with its unit being $1$ and its associativity, left-unit, right-unit and symmetry isomorphisms being the canonical ones. Hence, it suffices to show that there exists a natural coherent diagonal, that is, a natural transformation $\Delta : \mathrm{Id}_{\mathcal{V}_t} \to \otimes \circ \langle \mathrm{Id}_{\mathcal{V}_t}, \mathrm{Id}_{\mathcal{V}_t} \rangle$ (where $\langle \mathrm{Id}_{\mathcal{V}_t}, \mathrm{Id}_{\mathcal{V}_t} \rangle$ is the diagonal functor on $\mathcal{V}_t$) such that the following diagrams commute for any $A, B$ in $\mathcal{V}_t$.

[Coherence diagrams: $A \otimes B \xrightarrow{\Delta_A \otimes \Delta_B} (A \otimes A) \otimes (B \otimes B)$ against $A \otimes B \xrightarrow{\Delta_{A \otimes B}} (A \otimes B) \otimes (A \otimes B)$, related by the canonical isomorphism; and $A \xrightarrow{\Delta_A} A \otimes A \to A \otimes 1$, related to the canonical isomorphism $A \cong A \otimes 1$.]

But it is easy to see that the diagonal of (4.4) makes the above diagrams commute. Naturality follows from the single-threaded nature of strategies (v. [14]). □
Products are concretely given by triples $A \xleftarrow{\pi_1} A \otimes B \xrightarrow{\pi_2} B$, where

$$\pi_1 = \mathrm{strat}\{\, [(i_A, i_B) \, i_A \, s] \mid [i_A \, i_A \, s] \in \mathrm{viewf}(\mathrm{id}_A) \,\}$$

and $\pi_2$ similarly, while for each $A \xleftarrow{f} C \xrightarrow{g} B$ we have

$$\begin{aligned}
\langle f, g \rangle : C \to A \otimes B = \mathrm{strat}\{\, [i_C \, (i_A, i_B) \, s] \mid\ & ([i_C \, i_A \, s] \in \mathrm{viewf}(f) \wedge [i_C \, i_B] \in \mathrm{viewf}(g)) \\
\vee\ & ([i_C \, i_A] \in \mathrm{viewf}(f) \wedge [i_C \, i_B \, s] \in \mathrm{viewf}(g)) \,\}.
\end{aligned}$$

Finally, we want to generalise the tensor product to a version applicable to countably many arguments. In arenas, the construction consists of gluing countably many arenas together at their initial moves. The problem that arises then is that the product of infinitely many (initial) moves need not have finite support, breaking the arena specifications. Nevertheless, in case we are interested only in pointed arenas, this is easily bypassed: a pointed arena has a unique initial move, which is therefore equivariant, and the product of equivariant moves is of course also equivariant.

Proposition and Definition 4.40. For pointed arenas $\{A_i\}_{i \in \omega}$ define $\bigotimes_i A_i$ by:

$$M_{\bigotimes_i A_i} = \{*\} + \biguplus_{i \in \omega} (M_{A_i} \setminus I_{A_i}), \qquad \lambda_{\bigotimes_i A_i} = [\, * \mapsto PA,\ [\lambda_{A_i}]_{i \in \omega} \,],$$

$$I_{\bigotimes_i A_i} = \{*\}, \qquad {\vdash_{\bigotimes_i A_i}} = \{\, (*, j_{A_i}) \mid i \in \omega \,\} \cup \biguplus_{i \in \omega} ({\vdash_{A_i}} \cap (M_{A_i} \setminus I_{A_i})^2).$$

For $\{f_i : A_i \to B_i\}_{i \in \omega}$ with $A_i$'s and $B_i$'s pointed define:

$$\bigotimes_i f_i = \mathrm{strat}\{\, [* \, * \, s] \mid \exists k.\ [i_{A_k} \, i_{B_k} \, s] \in \mathrm{viewf}(f_k) \,\}.$$

Then, $\bigotimes \_ : \prod_\omega \mathcal{V}_{t*} \to \mathcal{V}_{t*}$ is a functor. □

In fact, we could proceed and show that the tensor defined above yields general products of pointed objects, but this will not be of use here.

Partial exponentials. We saw that $\mathcal{V}_t$ has products, given by the tensor functor $\otimes$. We now show that the arrow constructor yields appropriate partial exponentials, which will be sufficient for our modelling tasks.

Let us introduce the following transformations on strategies.

Definition 4.41. For all arenas $A, B, C$ with $C$ pointed, define a bijection

$$\Lambda^{B}_{A,C} : \mathcal{V}_t(A \otimes B, C) \cong \mathcal{V}_t(A, B \multimap C)$$

by taking, for each $h : A \otimes B \to C$ and $g : A \to B \multimap C$ (footnote below),

$$\Lambda^{B}_{A,C}(h) : A \to B \multimap C = \mathrm{strat}\{\, [i_A \, i_C \, (i_B, j_C) \, s] \mid [(i_A, i_B) \, i_C \, j_C \, s] \in \mathrm{viewf}(h) \,\},$$

$$(\Lambda^{B}_{A,C})^{-1}(g) : A \otimes B \to C = \mathrm{strat}\{\, [(i_A, i_B) \, i_C \, j_C \, s] \mid [i_A \, i_C \, (i_B, j_C) \, s] \in \mathrm{viewf}(g) \,\}.$$

For each $(f, g) : (A, B) \to (A', B')$, define the arrows

$$\mathrm{ev}_{A,B} : (A \multimap B) \otimes A \to B \triangleq (\Lambda^{A}_{A \multimap B, B})^{-1}(\mathrm{id}_{A \multimap B}),$$

$$f \multimap g : A' \multimap B \to A \multimap B' \triangleq \Lambda^{A}_{A' \multimap B, B'}(\mathrm{id} \otimes f ; \mathrm{ev} ; g). \quad ▲$$

(Footnote.) Note the reassignment of pointers that takes place implicitly in the definitions of $\Lambda$, $\Lambda^{-1}$, in order e.g. for $(i_A, i_B) \, i_C \, j_C \, s$ to be a play of $\mathrm{viewf}(h)$.
It is not difficult to see that $\Lambda$ and $\Lambda^{-1}$ are well-defined and mutual inverses. What is more, they supply us with exponentials.

Proposition 4.42. $\mathcal{V}_t$ has partial exponentials wrt $\otimes$, in the following sense. For any object $B$, the functor $\_ \otimes B : \mathcal{V}_t \to \mathcal{V}_t$ has a partial right adjoint $B \multimap \_ : \mathcal{V}_{t*} \to \mathcal{V}_t$, that is, for any object $A$ and any pointed object $C$ the bijection $\Lambda^{B}_{A,C}$ is natural in $A$.



Proof: It suffices to show that, for any $f : A \otimes B \to C$ and $g : A \to B \multimap C$,

$$\Lambda(f) \otimes \mathrm{id} ; \mathrm{ev} = f, \qquad g \otimes \mathrm{id} ; \mathrm{ev} = \Lambda^{-1}(g).$$

These equalities are straightforward. For example, the viewfunction of $\Lambda(f) \otimes \mathrm{id} ; \mathrm{ev}$ is given by the diagram on the side, which also gives the viewfunction of $f$. □

[Diagram: the composite $\Lambda(f) \otimes \mathrm{id}$ followed by $\mathrm{ev}$ on $(B \multimap C) \otimes B \to C$, with the move $(i_B, j_C)$ and copycat links labelled by $f$.]

A consequence of partial exponentiation is that $\multimap$ naturally upgrades to a functor:

$$\_ \multimap \_ : (\mathcal{V}_t)^{\mathrm{op}} \times \mathcal{V}_{t*} \to \mathcal{V}_t.$$

Now, in case $g$ is ttotal, the strategy $f \multimap g : A' \multimap B \to A \multimap B'$ is given concretely by $\mathrm{strat}(\phi)$, where

$$\begin{aligned}
\phi = \{\, [i_B \, i_{B'} \, (i_A, j_{B'}) \, (i_{A'}, j_B) \, s] \mid\ & ([i_A \, i_{A'} \, s] \in \mathrm{viewf}(f) \wedge [i_B \, i_{B'} \, j_{B'} \, j_B] \in g \wedge \mathcal{L}(i_A \, i_{A'} \, s) \mathrel{\#} i_B, j_{B'}) \\
\vee\ & ([i_B \, i_{B'} \, j_{B'} \, j_B \, s] \in \mathrm{viewf}(g) \wedge [i_A \, i_{A'}] \in f \wedge \mathcal{L}(i_B \, i_{B'} \, j_{B'} \, j_B \, s) \mathrel{\#} i_A) \,\}.
\end{aligned}$$

That is, $f \multimap g$ answers initial moves $[i_B]$ like $g$ and then responds to $[i_B \, i_{B'} \, (i_A, j_{B'})]$ with $f$'s answer to $[i_A]$ and $g$'s response to $[i_B \, i_{B'} \, j_{B'}]$ (recall $g$ ttotal). It then plays like $f$ or like $g$, according to Opponent's next move. Note that $\phi$ is a viewfunction even if $B, B'$ are not pointed.

A special case of ttotality in the second argument arises in the defined functor:

$$\_ \Rightarrow \_ : (\mathcal{V}_t)^{\mathrm{op}} \times \mathcal{V}_t \to \mathcal{V}_{tt*} \triangleq \_ \multimap (\_)_\perp. \qquad (4.5)$$

Remark 4.43. In the work on CBV games of Honda & Yoshida [15] the following version of partial exponentiation is shown.

$$\mathcal{V}(A \otimes B, C) \cong \mathcal{V}_t(A, B \Rightarrow C) \qquad (4.6)$$

Interestingly, that version can be derived from ours (using also another bijection shown in [15]),

$$\mathcal{V}(A \otimes B, C) \cong \mathcal{V}_t(A \otimes B, C_\perp) = \mathcal{V}_t(A, B \multimap C_\perp) = \mathcal{V}_t(A, B \Rightarrow C).$$

But also vice versa, if $C$ is pointed then $C = C_2 \Rightarrow C_1$, for some arenas $C_1, C_2$ (footnote below), and

$$\mathcal{V}_t(A \otimes B, C_2 \Rightarrow C_1) \cong \mathcal{V}(A \otimes B \otimes C_2, C_1) \cong \mathcal{V}_t(A, (B \otimes C_2) \Rightarrow C_1) = \mathcal{V}_t(A, B \multimap (C_2 \Rightarrow C_1)).$$

Strategy and arena orders. Recall the orders defined for strategies ($\sqsubseteq$) and arenas ($\trianglelefteq$) in section 4.2. These being subset orderings are automatically inherited by $\mathcal{V}_t$. Moreover, by use of corollary 4.33 we can easily show that the functors defined above are continuous. Note that, although the strategy order $\sqsubseteq$ is inherited from $\mathcal{V}$, the least element (the empty strategy) is lost, as it is not total.

Proposition 4.44. $\mathcal{V}_t$ and $\mathcal{V}_{tt}$ are PreCpo-enriched wrt $\sqsubseteq$ (footnote below). Moreover,

$$(\_)_\perp : \mathcal{V}_t \to \mathcal{V}_{tt*}, \qquad (\_ \otimes \_) : \mathcal{V}_t \times \mathcal{V}_t \to \mathcal{V}_t, \qquad (\bigotimes \_) : \prod_\omega \mathcal{V}_{t*} \to \mathcal{V}_{t*},$$

$$(\_ \multimap \_) : \mathcal{V}_t^{\mathrm{op}} \times \mathcal{V}_{tt*} \to \mathcal{V}_{tt}, \qquad (\_ \Rightarrow \_) : \mathcal{V}_t^{\mathrm{op}} \times \mathcal{V}_t \to \mathcal{V}_{tt*}$$

are locally continuous functors. □

The order of arenas in $\mathcal{V}_t$ is the same as in $\mathcal{G}$, and therefore $\mathrm{Ob}(\mathcal{V}_t)$ is a cpo with least element $0$. Note that $A \trianglelefteq B$ does not imply that the corresponding projection is a total strategy, but $A \trianglelefteq_1 B$ does imply it. In fact,

$$A \trianglelefteq_1 B \implies \mathrm{proj}_{B,A} \in \mathcal{V}_{tt}(B, A) \;\wedge\; A \trianglelefteq_2 B \implies \mathrm{incl}_{A,B} \in \mathcal{V}_{tt}(A, B).$$

Moreover, we have the following.

Proposition 4.45. All of the functors of proposition 4.44 are continuous wrt $\trianglelefteq$. Moreover,

$$\begin{aligned}
A \trianglelefteq A' \wedge B \trianglelefteq B' &\implies \mathrm{incl}_{A,A'} \otimes \mathrm{incl}_{B,B'} = \mathrm{incl}_{A \otimes B, A' \otimes B'} \\
A \trianglelefteq_1 A' \wedge B \trianglelefteq_1 B' &\implies \mathrm{proj}_{A',A} \otimes \mathrm{proj}_{B',B} = \mathrm{proj}_{A' \otimes B', A \otimes B} \\
\forall i \in \omega.\ A_i \trianglelefteq A_i' &\implies \textstyle\bigotimes_i \mathrm{incl}_{A_i, A_i'} = \mathrm{incl}_{\bigotimes_i A_i, \bigotimes_i A_i'} \\
\forall i \in \omega.\ A_i \trianglelefteq_1 A_i' &\implies \textstyle\bigotimes_i \mathrm{proj}_{A_i', A_i} = \mathrm{proj}_{\bigotimes_i A_i', \bigotimes_i A_i} \\
A \trianglelefteq_1 A' \wedge B \trianglelefteq B' &\implies \mathrm{proj}_{A',A} \Rightarrow \mathrm{incl}_{B,B'} = \mathrm{incl}_{A \Rightarrow B, A' \Rightarrow B'} \\
A \trianglelefteq A' \wedge B \trianglelefteq_1 B' &\implies \mathrm{incl}_{A,A'} \Rightarrow \mathrm{proj}_{B',B} = \mathrm{proj}_{A' \Rightarrow B', A \Rightarrow B} \\
A \trianglelefteq_1 A' \wedge B \trianglelefteq_2 B' &\implies \mathrm{proj}_{A',A} \multimap \mathrm{incl}_{B,B'} = \mathrm{incl}_{A \multimap B, A' \multimap B'} \\
A \trianglelefteq A' \wedge B \trianglelefteq_1 B' &\implies \mathrm{incl}_{A,A'} \multimap \mathrm{proj}_{B',B} = \mathrm{proj}_{A' \multimap B', A \multimap B}.
\end{aligned}$$

Proof: All the clauses are in effect functoriality statements, since the underlying sets of inclusions and projections correspond to identity strategies. □



(Footnote.) In fact, for $C$ to be expressed as $C_2 \Rightarrow C_1$ we need a stronger version of condition (f), namely:

(f) For each $m \in M_A$, there exists a unique $k$ and a unique sequence $x_1 \ldots x_k \in \{Q, A\}^*$ such that $I_A \ni m_1 \vdash_A \cdots \vdash_A m_k = m$, for some $m_j$'s in $M_A$ with $\lambda^{QA}_A(m_j) = x_j$.

In such a case, $C_1$ and $C_2$ are given by taking $K_C = \{\, m \in M_C \mid \exists j_C.\ j_C \vdash_C m \wedge \lambda_C(m) = PA \,\}$ and

$$M_{C_1} = K_C + \{\, m \in M_C \mid \exists k \in K_C.\ k \vdash_C \cdots \vdash_C m \,\}, \quad I_{C_1} = K_C, \quad {\vdash_{C_1}} = {\vdash_C} \upharpoonright (M_{C_1} \times J_{C_1}), \quad \lambda_{C_1} = \lambda_C \upharpoonright M_{C_1},$$

$$M_{C_2} = M_C \setminus M_{C_1}, \quad \lambda_{C_2} = [\, i_{C_2} \mapsto PA,\ m \mapsto \lambda_C(m) \,], \quad I_{C_2} = J_C, \quad {\vdash_{C_2}} = {\vdash_C} \upharpoonright (M_{C_2} \times I_{C_2}).$$

(Footnote.) By precpo we mean a cpo which may not have a least element. PreCpo is the category of precpos and continuous functions.
4.5. A monad, and some comonads. We now proceed to construct a monad and a family of comonads on $\mathcal{V}_t$ that will be of use in later sections. Specifically, we will upgrade lifting to a monad and introduce a family of product comonads for initial state.

Lifting monad. It is a more-or-less standard result that the lifting functor induces a monad.

Definition 4.46. Define the natural transformations $\mathrm{up}, \mathrm{dn}, \mathrm{st}$ as follows,

$$\mathrm{up}_A : A \to A_\perp = \mathrm{strat}\{\, [i_A \, *_1 \, *_2 \, i_A \, s] \mid [i_A \, i_A \, s] \in \mathrm{viewf}(\mathrm{id}_A) \,\}$$

$$\mathrm{dn}_A : A_{\perp\perp} \to A_\perp = \mathrm{strat}\{\, [*_1 \, *'_1 \, *'_2 \, *_2 \, *_3 \, *_4 \, s] \mid [s] \in \mathrm{viewf}(\mathrm{id}_A) \,\}$$

$$\mathrm{st}_{A,B} : A \otimes B_\perp \to (A \otimes B)_\perp = \mathrm{strat}\{\, [(i_A, *_1) \, *'_1 \, *'_2 \, *_2 \, i_B \, (i_A, i_B) \, s] \mid [(i_A, i_B) \, (i_A, i_B) \, s] \in \mathrm{viewf}(\mathrm{id}_{A \otimes B}) \,\}$$

(primed asterisks are used for arenas on the RHS, where necessary). ▲

Proposition 4.47. The quadruple $((\_)_\perp, \mathrm{up}, \mathrm{dn}, \mathrm{st})$ is a strong monad on $\mathcal{V}_t$. Moreover, it yields monadic exponentials by taking $(C_\perp)^{B}$ to be $B \Rightarrow C$, for each $B, C$.

Proof: It is not difficult to see that $((\_)_\perp, \mathrm{up}, \mathrm{dn}, \mathrm{st})$ is a strong monad. Moreover, for each $B, C$ we have that $B \Rightarrow C = B \multimap C_\perp$ is a $(\_)_\perp$-exponential, because of the exponentiation properties of $\multimap$. □

Although finding a canonical arrow from $A$ to $A_\perp$ is elementary ($\mathrm{up}_A$), finding a canonical arrow in the inverse direction is not always possible. In some cases, e.g. $A = \mathbb{A}_i$, there is no such arrow at all, let alone a canonical one. An exception occurs when $A$ is pointed, by setting:

$$\mathrm{pu}_A : A_\perp \to A = \mathrm{strat}\{\, [* \, i_A \, j_A \, * \, i_A \, j_A \, s] \mid [i_A \, i_A \, j_A \, j_A \, s] \in \mathrm{viewf}(\mathrm{id}_A) \,\}. \qquad (4.7)$$

Lemma 4.48. $\mathrm{pu}_A$ yields a natural transformation $\mathrm{pu} : (\_)_\perp \upharpoonright \mathcal{V}_{tt*} \to \mathrm{Id}_{\mathcal{V}_{tt*}}$. Moreover, for any arenas $A, B$ with $B$ pointed, $\mathrm{up}_A ; \mathrm{pu}_A = \mathrm{id}_A$, $\mathrm{pu}_{A_\perp} = \mathrm{dn}_A$ and

$$\mathrm{pu}_{A \Rightarrow B} = \Lambda\big( (A \Rightarrow B)_\perp \otimes A \to ((A \Rightarrow B) \otimes A)_\perp \to B_\perp \to B \big). \quad □$$



Initial-state comonads. Our way of modelling terms-in-local-state will be by using initial state comonads, in the spirit of intensional program modelling of Brookes & Geva [9]. In our setting, the initial state can be any list $\bar a$ of distinct names; we define a comonad for each one of those lists.

Definition 4.49 (Initial-state comonads). For each $\bar a \in \mathbb{A}^{\#}$ define the triple $(Q^{\bar a}, \varepsilon, \delta)$ by taking $Q^{\bar a} : \mathcal{V}_t \to \mathcal{V}_t = \mathbb{A}_{\bar a} \otimes \_$ and

$$\varepsilon : Q^{\bar a} \to \mathrm{Id}_{\mathcal{V}_t} \triangleq \{\, \varepsilon_A : \mathbb{A}_{\bar a} \otimes A \to A \,\},$$

$$\delta : Q^{\bar a} \to (Q^{\bar a})^2 \triangleq \{\, \delta_A : \mathbb{A}_{\bar a} \otimes A \to \mathbb{A}_{\bar a} \otimes \mathbb{A}_{\bar a} \otimes A \,\}.$$

For each $S(\bar a') \subseteq S(\bar a)$ define the natural transformation $\mathcal{J}^{\bar a}_{\bar a'} : Q^{\bar a} \to Q^{\bar a'}$ by taking

$$(\mathcal{J}^{\bar a}_{\bar a'})_A : \mathbb{A}_{\bar a} \otimes A \to \mathbb{A}_{\bar a'} \otimes A \triangleq (\mathcal{J}^{\bar a}_{\bar a'})_1 \otimes \mathrm{id}_A,$$

where $(\mathcal{J}^{\bar a}_{\bar a'})_1$ is $\mathcal{J}^{\bar a}_{\bar a'}$ of definition 3.1, that is, $(\mathcal{J}^{\bar a}_{\bar a'})_1 = \{\, [(\bar a, *) \, (\bar a', *)] \,\}$. ▲

Note that $Q^{\epsilon}$, the comonad for empty initial state, is the identity comonad. Note also that we have suppressed indices $\bar a$ from the transformations $\varepsilon, \delta$ for notational economy.

Clearly, each triple $(Q^{\bar a}, \varepsilon, \delta)$ forms a product comonad on $\mathcal{V}_t$. Moreover, it is straightforward to show the following.

Proposition 4.50 (Chain rule). For each $S(\bar a') \subseteq S(\bar a)$, $\bar a, \bar a' \in \mathbb{A}^{\#}$, the transformation $\mathcal{J}^{\bar a}_{\bar a'}$ is a comonad morphism. Moreover, $\mathcal{J}^{\bar a}_{\epsilon} = \varepsilon : Q^{\bar a} \to \mathrm{Id}_{\mathcal{V}_t}$, $\mathcal{J}^{\bar a}_{\bar a} = \mathrm{id} : Q^{\bar a} \to Q^{\bar a}$ and, for each $S(\bar a') \subseteq S(\bar a'') \subseteq S(\bar a)$, $\mathcal{J}^{\bar a}_{\bar a''} ; \mathcal{J}^{\bar a''}_{\bar a'} = \mathcal{J}^{\bar a}_{\bar a'}$. □

Finally, for each name-type $i$, we can define a name-test arrow:

$$\mathrm{eq}_i : \mathbb{A}_i \otimes \mathbb{A}_i \to \mathbb{N} = \{\, [(a,a) \, 0] \,\} \cup \{\, [(a,b) \, 1] \mid a \neq b \,\}, \qquad (4.8)$$

which clearly makes the (N1) diagram (definition 3.12) commute.

Fresh-name constructors. Combining the monad and comonads defined previously we can obtain a monadic-comonadic setting $(\mathcal{V}_t, (\_)_\perp, Q)$, where $Q$ denotes the family $(Q^{\bar a})_{\bar a \in \mathbb{A}^{\#}}$. This setting, which in fact yields a sound model of the $\nu$-calculus [2, 35], will be used as the basis of our semantics of nominal computation in the sequel. Nominal computation of type $A$, in name-environment $\bar a$ and variable-environment $\Gamma$, will be translated into the set of strategies

$$\{\, \sigma : Q^{\bar a} \llbracket \Gamma \rrbracket \to \llbracket A \rrbracket_\perp \,\}.$$

The lifting functor, representing the monadic part of our semantical setting, will therefore incorporate the computational effect of fresh-name creation.

We describe in this section the semantical expression of fresh-name creation. Fresh names are created by means of natural transformations which transform a comonad $Q^{\bar a}$, say, to a monad-comonad composite $(Q^{\bar a a})_\perp$.



Definition 4.51. Consider the setting $(\mathcal{V}_t, (\_)_\bot, Q)$. We define natural transformations

$\mathsf{new}^{\bar a a} : Q^{\bar a} \to (Q^{\bar a a})_\bot$

by

$\mathsf{new}^{\bar a a}_A \triangleq \mathbb{A}_{\bar a} \otimes A \xrightarrow{\ \mathsf{new}^{\bar a a}_1 \otimes \mathrm{id}_A\ } (\mathbb{A}_{\bar a a} \otimes A)_\bot$, $\qquad \mathsf{new}^{\bar a a}_1 \triangleq \mathrm{strat}\{[(\bar a, *)\ *\ *\ (\bar a a, *)^{a}]\}$,

for each $\bar a a \in \mathbb{A}^\#$.

That $\mathsf{new}$ is a natural transformation is straightforward: for any $f : A \to B$ the following square commutes,

$\mathbb{A}_{\bar a} \otimes A \xrightarrow{\ \mathsf{new}^{\bar a a}_1 \otimes \mathrm{id}\ } (\mathbb{A}_{\bar a a} \otimes A)_\bot$, $\qquad \mathbb{A}_{\bar a} \otimes B \xrightarrow{\ \mathsf{new}^{\bar a a}_1 \otimes \mathrm{id}\ } (\mathbb{A}_{\bar a a} \otimes B)_\bot$,

with vertical arrows $\mathrm{id} \otimes f$ on the left and $(\mathrm{id} \otimes f)_\bot$ on the right, i.e. $\mathsf{new}^{\bar a a}_A ; (\mathrm{id} \otimes f)_\bot = (\mathrm{id} \otimes f) ; \mathsf{new}^{\bar a a}_B$.

Moreover, we can show the following.

Proposition 4.52. In the setting $(\mathcal{V}_t, (\_)_\bot, Q)$ with $\mathsf{new}$ defined as above, the (N2) diagrams (definition 3.12) commute. □
The fresh-name constructor allows us to define name-abstraction on strategies by taking, for $\sigma : Q^{\bar a a} B \to C$:

$\langle a \rangle \sigma \triangleq Q^{\bar a} B \xrightarrow{\ \mathsf{new}^{\bar a a}_B\ } (Q^{\bar a a} B)_\bot \xrightarrow{\ \sigma_\bot\ } C_\bot \xrightarrow{\ \mathsf{pu}_C\ } C$. (4.9)

Name-abstraction can be given an explicit description as follows. For any sequence of moves-with-names $s$ and any name $a \mathrel{\#} \mathrm{nlist}(\sigma)$, let $s^a$ be $s$ with $a$ in the head of all of its name-lists. Then, for $\sigma$ as above, we can show that:

$\mathrm{viewf}(\langle a \rangle \sigma) = \{[(\bar a, i_B)\ i_C\ j_C\ m^{a\bar b}\ s^a] \mid [(\bar a a, i_B)\ i_C\ j_C\ m^{\bar b}\ s] \in \mathrm{viewf}(\sigma) \wedge a \mathrel{\#} i_B, j_C\}$ (4.10)

We end our discussion on fresh-name constructors with a technical lemma stating that 
name-abstraction and currying commute. 

Lemma 4.53. Let $f : Q^{\bar a a}(A \otimes B) \to C$ with $C$ a pointed arena. Then,

$\langle a \rangle \Lambda(\zeta' ; f) = \Lambda(\zeta' ; \langle a \rangle f) : Q^{\bar a} A \to B \Rightarrow C$.

Proof: As follows.

$\langle a \rangle \Lambda(\zeta' ; f) = \mathsf{new}^{\bar a a}_A ; (\Lambda(\zeta' ; f))_\bot ; \mathsf{pu}_{B \Rightarrow C} = \mathsf{new}^{\bar a a}_A ; (\Lambda(\zeta' ; f))_\bot ; \Lambda(\mathsf{st}' ; \mathsf{ev}_\bot ; \mathsf{pu}_C)$
$= \Lambda(\mathsf{new}^{\bar a a}_A \otimes \mathrm{id}_B ; (\Lambda(\zeta' ; f))_\bot \otimes \mathrm{id}_B ; \mathsf{st}' ; \mathsf{ev}_\bot ; \mathsf{pu}_C)$
$= \Lambda(\mathsf{new}^{\bar a a}_A \otimes \mathrm{id}_B ; \mathsf{st}' ; (\Lambda(\zeta' ; f) \otimes \mathrm{id}_B)_\bot ; \mathsf{ev}_\bot ; \mathsf{pu}_C)$
$= \Lambda(\mathsf{new}^{\bar a a}_A \otimes \mathrm{id}_B ; \mathsf{st}' ; (\zeta' ; f)_\bot ; \mathsf{pu}_C) = \Lambda(\zeta' ; \mathsf{new}^{\bar a a}_{A \otimes B} ; f_\bot ; \mathsf{pu}_C)$

and the latter equals $\Lambda(\zeta' ; \langle a \rangle f)$. □

Note that the above result does not imply that $\nu$- and $\lambda$-abstractions commute in our semantics of nominal languages, i.e. that we obtain identifications of the form $[\![\nu a.\lambda x.M]\!] = [\![\lambda x.\nu a.M]\!]$. As we will see in the sequel, $\lambda$-abstraction is not simply currying, because of the use of monads.

4.6. Nominal games à la Laird. As aforementioned, there have been two independent original presentations of nominal games, one due to Abramsky, Ghica, Murawski, Ong and Stark (AGMOS) [2] and another one due to Laird [21, 24]. Although Laird's constructions are not explicitly based on nominal sets (natural numbers are used instead of atoms), they constitute nominal constructions nonetheless. In this section we highlight the main differences between our nominal games, which follow AGMOS, and those of [21, 24].

Laird's presentation concerns the $\nu$-calculus with pointers, i.e. with references to names. The main difference in his presentation is in the treatment of name-introduction. In particular, a name does not appear in a play at the point of evaluation of its $\nu$-constructor, but rather at the point of its first use; let us refer to this condition as name-frugality (cf. [31]). An immediate result is that strategies are no longer innocent, as otherwise e.g. $\nu a.\lambda x.a$ and $\lambda x.\nu a.a$ would have the same denotation.(12) More importantly, name-frugality implies that strategies capture the examined nominal language more accurately: Opponent is not expected to guess names he is not supposed to know and thus, for example, the denotations of $\nu a.\mathrm{skip}$ and $\mathrm{skip}$ are identical. In our setting, Player is not frugal with his names and therefore the two terms above are identified only at the extensional level (i.e. after

12 Non-innocence can be seen as beneficial in terms of simplicity of the model, since strategies then have one condition less. On the other hand, though, innocent strategies are specified by means of their viewfunctions, which makes their presentation simpler. Moreover, non-innocence diminishes the power of definability results, as finitary behaviours are less expressive in absence of innocence.



The major difference between [21] and [23] lies in the modelling of (ground-type, name-storing) store. In [21] the store is modelled by attaching to strategies a global, top-level (non-monadic), store arena. Then, a good-store-discipline is imposed on strategies via extra conditions on strategy composition which enforce that hidden store-moves follow the standard read/write pattern. As a result (and in contrast to our model), the model relies heavily on quotienting by the intrinsic preorder in order for the store to work properly.

The added accuracy obtained by using frugality conditions is fully exploited in [23], where a carefully formulated setting of moves-with-store(14) allows for an explicit characterisation result, that is, a semantic characterisation of operational equality at the intensional level. The contribution of using moves-with-store in that result is that the semantics is thus relieved from the (too revealing) internal workings of store: for example, terms like $(a := b) ; \lambda x.(!a ; 0)$ and $(a := b) ; \lambda x.0$ are equated semantically at the intensional level, in contrast to what happens in our model.(15) Note, though, that in a setting with higher-order store such as that of νρ, moves-with-store would not be as simple since stores would need to store higher-order values, that is, strategies.

Laird's approach is therefore advantageous in its use of name-frugality conditions, which allow for more accurate models. At the same time, though, frugality conditions are an extra burden in constructing a model: apart from the fact that they need to be dynamically preserved in play-composition by garbage collection, they presuppose an appropriately defined notion of name-use. In [21, 24], a name is considered as used in a play if it is accessible through the store (in a reflexive transitive manner) from a name that has been explicitly played. This definition, however, does not directly apply to languages with different nominal effects (e.g. higher-order store). Moreover, frugality alone is not enough for languages like Reduced ML or the $\nu$-calculus: a name may have been used in a play but may still be inaccessible to some participant (that is, if it is outside his view [21]). On the other hand, our approach is advantageous in its simplicity and its applicability on a wide range of nominal effects (see [48]), but suffers from the accuracy issues discussed above.(13)



5. The nominal games model

We embark on the adventure of modelling νρ in a category of nominal arenas and strategies. Our starting point is the category $\mathcal{V}_t$ of nominal arenas and total strategies. Recall that $\mathcal{V}_t$ is constructed within the category $\mathbf{Nom}$ of nominal sets so, for each type $A$, we have an arena $\mathbb{A}_A$ for references to type $A$.

13 Note here, though, that the semantics being too explicit about the created names can prove beneficial: here we are able to give a particularly concise proof of adequacy for νρ (see section 5.3 and compare e.g. with the respective proof in [3]) by exploiting precisely this extra information!

14 Inter alia, frugality of names implies that sequences of moves-with-store have strong support even if stores are represented by sets!

15 In our model they correspond to the strategies (see also section 5):

$\sigma_1 = \{[(a,b)\ *\ \circledast\ (*, \circledast)\ (n, \circledast)\ a\ c\ 0]\}$, $\qquad \sigma_2 = \{[(a,b)\ *\ \circledast\ (*, \circledast)\ (n, \circledast)\ 0]\}$.

Thus, the inner-workings of the store revealed by $\sigma_1$ (i.e. the moves $a\ c$) differentiate it from $\sigma_2$. In fact, in our attempts to obtain an explicit characterisation result from our model, we found store-related inaccuracies to be the most stubborn ones.
The semantics is monadic in a store monad built around a store arena $\xi$, and comonadic in an initial state comonad. The store monad is defined on top of the lifting monad (see definition 4.46) by use of a side-effect monad constructor, that is,

$TA = \xi \multimap (A \otimes \xi)_\bot$, i.e. $TA = \xi \Rightarrow A \otimes \xi$.

Now, $\xi$ contains the values assigned to each name (reference), and thus it is of the form

$\xi = \bigotimes_A (\mathbb{A}_A \Rightarrow [\![A]\!])$ (SE)

where $[\![A]\!]$ is the translation of each type $A$. Thus, a recursive (wrt type-structure) definition of the type-translation is not possible because of the cyclicity of (SE). Rather, both $\xi$ and the type-translation have to be computed as the least solution to the above domain equation. By the way, observe that $[\![A \to B]\!] = [\![A]\!] \otimes \xi \Rightarrow [\![B]\!] \otimes \xi$.



5.1. Solving the Store Equation. The full form of the store equation (SE) is:

$[\![1]\!] = 1$, $\quad [\![\mathbb{N}]\!] = \mathbb{N}$, $\quad [\![[A]]\!] = \mathbb{A}_A$, $\quad [\![A \times B]\!] = [\![A]\!] \otimes [\![B]\!]$,

$[\![A \to B]\!] = [\![A]\!] \Rightarrow T[\![B]\!]$, $\quad \xi = \bigotimes_A (\mathbb{A}_A \Rightarrow [\![A]\!])$.

This can be solved either as a fixpoint equation in the cpo of nominal arenas or as a domain equation in the PreCpo-enriched category $\mathcal{V}_t$. We follow the latter approach, which provides the most general notion of canonical solution (and which incorporates the solution in the cpo of nominal arenas, analogously to [26]). It uses the categorical constructions of [43, 11] for solving recursive domain equations, as adapted to games in [26].

Definition 5.1. Define the category

$\mathcal{C} = \mathcal{V}_t \times \prod_{A \in \mathrm{TY}} \mathcal{V}_t$

with objects $D$ of the form $(D_\xi, (D_A)_{A \in \mathrm{TY}})$ and arrows $f$ of the form $(f_\xi, (f_A)_{A \in \mathrm{TY}})$.

Now take $F : \mathcal{C}^{op} \times \mathcal{C} \to \mathcal{C}$ to be defined on objects by $F(D, E) = (\xi_{D,E}, ([\![A]\!]_{D,E})_{A \in \mathrm{TY}})$, where:

$\xi_{D,E} = \bigotimes_A (\mathbb{A}_A \Rightarrow E_A)$,

$[\![1]\!]_{D,E} = 1$, $\quad [\![\mathbb{N}]\!]_{D,E} = \mathbb{N}$, $\quad [\![[A]]\!]_{D,E} = \mathbb{A}_A$, $\quad [\![A \times B]\!]_{D,E} = E_A \otimes E_B$,

$[\![A \to B]\!]_{D,E} = D_A \Rightarrow (\xi_{E,D} \Rightarrow E_B \otimes \xi_{D,E})$,

and similarly for arrows, with $F(f, g) = (\xi_{f,g}, ([\![A]\!]_{f,g})_{A \in \mathrm{TY}})$. ▲

Now (SE) has been reduced to:

$D = F(D, D)$ (SE*)

where $F$ is a locally continuous functor wrt the strategy ordering (proposition 4.44), and continuous wrt the arena ordering (proposition 4.45). The solution to (SE*) is given via a local bilimit construction to the following $\omega$-chain in $\mathcal{C}$.(16)

16 Recall that we call an arrow $e : A \to B$ an embedding if there exists $e^R : B \to A$ such that $e ; e^R = \mathrm{id}_A \wedge e^R ; e \sqsubseteq \mathrm{id}_B$.
Definition 5.2. In $\mathcal{C}$ form the sequence $(D_i)_{i \in \omega}$ taking $D_0$ as below and $D_{i+1} = F(D_i, D_i)$.

$D_{0,1} = 1$, $\quad D_{0,\mathbb{N}} = \mathbb{N}$, $\quad D_{0,[A]} = \mathbb{A}_A$, $\quad D_{0,A \to B} = 1$, $\quad D_{0,A \times B} = D_{0,A} \otimes D_{0,B}$, $\quad D_{0,\xi} = \bigotimes_A (\mathbb{A}_A \Rightarrow D_{0,A})$.

Moreover, define arrows $e_i : D_i \to D_{i+1}$ and $e_i^R : D_{i+1} \to D_i$ as:

$e_0 = \mathrm{incl}_{D_0, D_1}$, $\quad e_0^R = \mathrm{proj}_{D_1, D_0}$, $\quad e_{i+1} = F(e_i^R, e_i)$, $\quad e_{i+1}^R = F(e_i, e_i^R)$. ▲

The above inclusion and projection arrows are defined componentwise. In fact, there is a hidden lemma here which allows us to define the projection arrow, namely that $D_0 \unlhd_1 D_1$ (which means $D_{0,\xi} \unlhd_1 D_{1,\xi}$ and $D_{0,A} \unlhd_1 D_{1,A}$ for all $A$).



Thus, we have formed the $\omega$-chain $\Delta$. We show that $\Delta$ is a $\unlhd_1$-increasing sequence of objects and embeddings, and proceed to the main result.

Lemma 5.3. For $(e_i, e_i^R)_{i \in \omega}$ as above and any $i \in \omega$,

$e_i = \mathrm{incl}_{D_i, D_{i+1}} \wedge e_i^R = \mathrm{proj}_{D_{i+1}, D_i}$.

Proof: It is easy to see that $D_i \unlhd_1 D_{i+1}$, all $i \in \omega$, so the above are well-defined. We now do induction on $i$; the base case is true by definition. The inductive step follows easily from proposition 4.45. □

Theorem 5.4. We obtain a local bilimit $(D^*, (\eta_i)_{i \in \omega})$ for $\Delta$ by taking:(17)

$D^* = \bigsqcup_i D_i$, $\qquad \eta_i = \mathrm{incl}_{D_i, D^*}$ (each $i \in \omega$).

Hence, $\mathrm{id}_{D^*} : F(D^*, D^*) \to D^*$ is a minimal invariant for $F$.

Proof: First, note that $D_0 \unlhd_1 D_i$, for all $i \in \omega$, implies that all $D_i$'s share the same initial moves, and hence $D_i \unlhd_1 D^*$. Thus, for each $i \in \omega$, we can define $\eta_i^R = \mathrm{proj}_{D^*, D_i}$, and hence each $\eta_i$ is an embedding. We now need to show the following.

(1) $(D^*, (\eta_i)_{i \in \omega})$ is a cone for $\Delta$,

(2) for all $i \in \omega$, $\eta_i^R ; \eta_i \sqsubseteq \eta_{i+1}^R ; \eta_{i+1}$,

(3) $\bigsqcup_{i \in \omega} (\eta_i^R ; \eta_i) = \mathrm{id}_{D^*}$.

For 1, we need to show (nts) that, for any $i$, $\mathrm{incl}_{D_i, D^*} = \mathrm{incl}_{D_i, D_{i+1}} ; \mathrm{incl}_{D_{i+1}, D^*}$, which follows from (TRN). For 2 we essentially nts that $\mathrm{id}_{D_i} \sqsubseteq \mathrm{id}_{D_{i+1}}$, and for 3 that $\bigsqcup_i \mathrm{id}_{D_i} = \mathrm{id}_{D^*}$; these are both straightforward.

From the local bilimit $(D^*, (\eta_i)_{i \in \omega})$ we obtain a minimal invariant $\alpha : F(D^*, D^*) \to D^*$ by taking (see e.g. [1]):

$\alpha = \bigsqcup_i \alpha_i$, $\qquad \alpha_i = F(\eta_i^R, \eta_i) ; \eta_{i+1} = \mathrm{proj}_{F(D^*, D^*), D_{i+1}} ; \mathrm{incl}_{D_{i+1}, D^*}$,

the last equality by proposition 4.45. Moreover, $D^* = F(D^*, D^*)$ by the Tarski–Knaster theorem, and therefore $\alpha_i = \eta_{i+1}^R ; \eta_{i+1}$, which implies $\alpha = \mathrm{id}_{D^*}$. □

17 Given an $\omega$-chain $\Delta = (D_i, e_i)_{i \in \omega}$ of objects and embeddings, a cone for $\Delta$ is an object $D$ together with a family $(\eta_i : D_i \to D)_{i \in \omega}$ of embeddings such that, for all $i \in \omega$, $\eta_i = e_i ; \eta_{i+1}$. Such a cone is a local bilimit for $\Delta$ if, for all $i \in \omega$,

$\eta_i^R ; \eta_i \sqsubseteq \eta_{i+1}^R ; \eta_{i+1} \wedge \bigsqcup_{i \in \omega} (\eta_i^R ; \eta_i) = \mathrm{id}_D$.
Thus, $D^*$ is the canonical solution to $D = F(D, D)$, and in particular it solves:

$D_{A \to B} = D_A \Rightarrow (D_\xi \Rightarrow D_B \otimes D_\xi)$, $\qquad D_\xi = \bigotimes_A (\mathbb{A}_A \Rightarrow D_A)$.

Definition 5.5. Taking $D^*$ as in the previous theorem define, for each type $A$,

The arena $\xi$ and the translation of compound types are given explicitly in the following figure. $\xi$ is depicted by means of unfolding it to $\bigotimes_A (\mathbb{A}_A \Rightarrow [\![A]\!])$: it consists of an initial move $\circledast$ which justifies each name-question $a \in \mathbb{A}_A$, all types $A$, with the answer to the latter being the denotation of $A$ (and modelling the stored value of $a$). Note that we reserve the symbol "$\circledast$" for the initial move of $\xi$; $\circledast$-moves in type-translations can be seen as opening a new store.




Figure 4: The store arena and the type translation. 



The store monad $T$. There is a standard construction (v. [28]) for defining a monad of $A$-side-effects (any object $A$) starting from a given strong monad with exponentials. Here we define a store monad, i.e. a $\xi$-side-effects monad, from the lifting monad as follows.

$T : \mathcal{V}_t \to \mathcal{V}_t = \xi \Rightarrow (\_ \otimes \xi)$

$\eta_A : A \to TA \triangleq \Lambda\big(A \otimes \xi \xrightarrow{\ \mathsf{up}\ } (A \otimes \xi)_\bot\big)$

$\mu_A : T^2 A \to TA \triangleq \Lambda\big(T^2 A \otimes \xi \xrightarrow{\ \mathsf{ev}\ } (TA \otimes \xi)_\bot \xrightarrow{\ \mathsf{ev}_\bot\ } (A \otimes \xi)_{\bot\bot} \xrightarrow{\ \mathsf{dn}\ } (A \otimes \xi)_\bot\big)$ (5.1)

A concrete description of the store monad is given in figure 5 (the diagrams of strategies depict their viewfunctions, as described in notation 4.34). For the particular case of $\circledast$-moves which appear as second moves in $TA$'s, let us recall the convention we are following. Looking at the diagram for $TA$ (figure 4), we see that $\circledast$ justifies a copy of $\xi^-$ (left) and a copy of $A \otimes \xi$ (right). Thus, a copycat link connecting to the lower-left of a $\circledast$ expresses a copycat concerning the $\xi^-$ justified by $\circledast$ (e.g. the link between the first two $\circledast$-moves in the diagram for $\mu_A$), and similarly for copycat links connecting to the lower-right of a $\circledast$.
Figure 5: The store monad (viewfunction diagrams of $\eta_A : A \to TA$, $\mu_A : T^2 A \to TA$, $Tf : TA \to TB$ and $\tau_{A,B} : A \otimes TB \to T(A \otimes B)$).



Thus, for example, $\mu_A$ is given by:

$\mu_A = \mathrm{strat}(\{[*\ *\ \circledast\ \circledast\ s] \mid [\circledast\ \circledast\ s] \in \mathrm{viewf}(\mathrm{id}_\xi)\} \cup \{[*\ *\ \circledast\ \circledast\ (*, \circledast')\ \circledast'\ s] \mid [\circledast'\ \circledast'\ s] \in \mathrm{viewf}(\mathrm{id}_\xi) \vee [s] \in \mathrm{viewf}(\mathrm{id}_A)\})$.

A consequence of lifting being a strong monad with exponentials is that the store monad is also a strong monad with exponentials. $T$-exponentials are given by:

$TB^A = A \Rightarrow TB$, $\qquad \Lambda_T(f : A \otimes B \to TC) = \Lambda(f)$. (5.2)

Moreover, for each arena $A$ we can define an arrow:

$\alpha_A \triangleq A_\bot \xrightarrow{\ (\eta_A)_\bot\ } (TA)_\bot \xrightarrow{\ \mathsf{pu}_{TA}\ } TA$. (5.3)

The transformation $\mathsf{pu}$ was introduced in (4.7). Using lemma 4.48 we obtain $\alpha_A = \Lambda(\mathsf{st}'_{A,\xi})$. Moreover, we can show that $\alpha : (\_)_\bot \to T$ is a monad morphism.

5.2. Obtaining the νρ-model. Let us recapitulate the structure that we have constructed thus far to the effect of obtaining a νρ-model in $\mathcal{V}_t$. Our numbering below follows that of definition 3.12.

I. $\mathcal{V}_t$ is a category with finite products (proposition 4.39).

II. The store monad $T$ is a strong monad with exponentials.

III. $\mathcal{V}_t$ contains adequate structure for numerals.

IV. There is a family $(Q^{\bar a}, \varepsilon, \delta, \zeta)_{\bar a \in \mathbb{A}^\#}$ of product comonads, with each $Q^{\bar a}$ having basis $\mathbb{A}_{\bar a}$ (see section 4.3), which fulfils specifications (a,b). There are also fresh-name constructors, $\mathsf{new}^{\bar a a} : Q^{\bar a} \to (Q^{\bar a a})_\bot$, which satisfy (N2).

V. There are name-equality arrows, $\mathsf{eq}_A$ for each type $A$, making the (N1) diagram commute (section 4.5).

From $\mathsf{new}$ we can obtain a fresh-name transformation for the store monad.

Definition 5.6. For each $\bar a a \in \mathbb{A}^\#$, define a natural transformation $\mathsf{nu}^{\bar a a} : Q^{\bar a} \to T Q^{\bar a a}$ by:

$\mathsf{nu}^{\bar a a}_A \triangleq Q^{\bar a} A \xrightarrow{\ \mathsf{new}^{\bar a a}_A\ } (Q^{\bar a a} A)_\bot \xrightarrow{\ \alpha\ } T Q^{\bar a a} A$.

Moreover, for each $f : Q^{\bar a a} A \to TB$, take $\langle a \rangle f = Q^{\bar a} A \xrightarrow{\ \mathsf{nu}^{\bar a a}_A\ } T Q^{\bar a a} A \xrightarrow{\ Tf\ } T^2 B \xrightarrow{\ \mu\ } TB$. ▲

Each arrow $\mathsf{nu}^{\bar a a}_A$ is explicitly given by (note we use the same conventions as in (4.10)):

$\mathsf{nu}^{\bar a a}_A = \mathrm{strat}\{[(\bar a, i_A)\ *\ \circledast\ (\bar a a, i_A, \circledast)^a\ s^a] \mid a \mathrel{\#} i_A \wedge ([i_A\ i_A\ s] \in \mathrm{viewf}(\mathrm{id}_A) \vee [\circledast\ \circledast\ s] \in \mathrm{viewf}(\mathrm{id}_\xi))\}$

and diagrammatically as in figure 6. Moreover, using the fact that $\alpha$ is a monad morphism and lemma 4.48 we can show that, in fact, $\langle a \rangle f$ is given exactly as in (4.9), that is,

$\langle a \rangle f = \mathsf{new}^{\bar a a}_A ; f_\bot ; \mathsf{pu}_{TB}$.

Finally, $\alpha$ being a monad morphism implies also the following.

Proposition 5.7. The $\mathsf{nu}$ transformation satisfies the (N2) diagrams of definition 3.12. □

What we are only missing for a νρ-model is update and dereferencing maps.

Definition 5.8. For any type $A$ we define the following arrows in $\mathcal{V}_t$,

$\mathsf{drf}_A = \mathrm{strat}\{[a\ *\ \circledast\ a\ i_{[\![A]\!]}\ (i_{[\![A]\!]}, \circledast)\ s] \mid [\circledast\ \circledast\ s] \in \mathrm{viewf}(\mathrm{id}_\xi) \vee [i_{[\![A]\!]}\ i_{[\![A]\!]}\ s] \in \mathrm{viewf}(\mathrm{id}_{[\![A]\!]})\}$,

$\mathsf{upd}_A = \mathrm{strat}(\{[(a, i_{[\![A]\!]})\ *\ \circledast\ (*, \circledast)\ b\ b\ s] \mid [\circledast\ \circledast\ b\ b\ s] \in \mathrm{viewf}(\mathrm{id}_\xi) \wedge b \mathrel{\#} a\} \cup \{[(a, i_{[\![A]\!]})\ *\ \circledast\ (*, \circledast)\ a\ i_{[\![A]\!]}\ s] \mid [i_{[\![A]\!]}\ i_{[\![A]\!]}\ s] \in \mathrm{viewf}(\mathrm{id}_{[\![A]\!]})\})$,

depicted also in figure 6. ▲

These strategies work as follows. $\mathsf{upd}_A$ responds with the answer $(*, \circledast)$ to the initial sequence $(a, i_{[\![A]\!]})\ *\ \circledast$ and then:

• for any name $b \mathrel{\#} a$ that is asked by O to $(*, \circledast)$ (which is a store-opening move), it copies $b$ under the store $\circledast$ (opened by O) and establishes a copycat link between the two $b$'s;

• if O asks $a$ to $(*, \circledast)$, it answers $i_{[\![A]\!]}$ and establishes a copycat link between the two $i_{[\![A]\!]}$'s.

On the other hand, $\mathsf{drf}_A$ does not immediately answer to the initial sequence $a\ *\ \circledast$ but rather asks (the value of) $a$ to $\circledast$. Upon receiving O's answer $i_{[\![A]\!]}$, it answers $(i_{[\![A]\!]}, \circledast)$ and establishes two copycat links. We can show by direct computation the following.

Proposition 5.9. The (NR) and (SNR) diagrams of definition 3.12 commute. □

We have therefore established the following.

Theorem 5.10. $(\mathcal{V}_t, T, Q)$ is a νρ-model. □
Figure 6: Strategies for update, dereferencing and fresh-name creation.



We close this section with a discussion on how the store-effect is achieved in our innocent setting, and with some examples of translations of νρ-terms in $\mathcal{V}_t$.

Remark 5.11 (Innocent store). The approach to the modelling of store which we have presented differs fundamentally from previous such approaches in game semantics. Those approaches, be they for basic or higher-order store [5, 3], are based on the following methodology. References are modelled by read/write product types, and fresh-reference creation is modelled by a "cell" strategy which creates the fresh cell and imposes a good read/write discipline on it. In order for a cell to be able to return the last stored value, innocence has to be broken since each read-request hides previous write-requests from the P-view. Higher-order cells have to also break visibility in order to establish copycat links between read- and write-requests.

Here instead we have only used innocent strategies and a monad on a store $\xi$. Because of the monad, an arena $[\![A]\!]$ contains several copies of $\xi$, therefore several stores are opened inside a play. The read/write discipline is then kept in an interactive way: when a participant asks (the value of) a name $a$ at the last (relevant) store, i.e. at the last store-opening move played by the other participant, the other participant either answers with a value or asks himself $a$ at the penultimate store, and so on until one of the participants answers or the first store in the play is reached. At each step, a participant answers the question $a$ only if he updated the value of $a$ before opening the current store (of that step, i.e. the last store in the participant's view); note that this behaviour does not break innocence. If no such update was made by the participant then he simply passes $a$ to the previous store and establishes a copycat link between the two $a$'s. These links ensure that when an answer is eventually obtained then it will be copycatted all the way to answer the original question $a$. Thus, we innocently obtain a read/write discipline: at each question $a$, the last update of $a$ is returned.

Figure 7: A dialogue in innocent store.

P - What's the value of a?
O - I don't know, you tell me: what's the value of a?
P - I don't know, you tell me: what's the value of a?
O - I don't know, you tell me: what's the value of a?
P - I know it, it is v.
O - I know it, it is v.
P - I know it, it is v.
O - I know it, it is v.

Example 5.12. Consider the typed terms:

$\epsilon \mid \vdash \nu a.\, a := (\mathrm{fst}\,!a, \mathrm{snd}\,!a)$, $\qquad b \mid \vdash b := \lambda x.(!b)\mathrm{skip}$, $\qquad b \mid \vdash (!b)\mathrm{skip}$

with $a \in \mathbb{A}_{\mathbb{N} \times \mathbb{N}}$ and $b \in \mathbb{A}_{1 \to 1}$. Their translations in $\mathcal{V}_t$ are as follows.

[Figure: viewfunction diagrams of the three translations; each starts with O's initial move, followed by P's $*$ and O's $\circledast$.]

In the first example we see that, although the strategy is looking up the fresh (and therefore uninitialised) reference $a$, the play does not deadlock: if Opponent answered the question $a$ then the play would proceed as depicted. In practice, however, Opponent will never be able to answer that question and the play will halt indeed (this is because Opponent must play tidily, see section 5.4). Moreover, from the latter two examples we can compute $[\![\mathrm{stop}_B]\!] : 1 \to T[\![B]\!] = \{[*\ *\ \circledast]\}$. □



5.3. Adequacy. We proceed to show that $\mathcal{V}_t$ is adequate (v. definition 3.18). First we characterise non-reducing terms as follows.

Lemma 5.13. Let $\bar a \mid \vdash M : A$ be a typed term. $M$ is a value iff there exists a store $S$ such that $S \models M$ has no reducts and $[(\bar a, *)\ *\ \circledast\ (i_A, \circledast)^{\bar b}] \in [\![S ; M]\!]$, for some $i_A, \bar b$.

Proof: The "only if"-part is straightforward. For the "if"-part assume that $M$ is a non-value and take any $S$ such that $S \models M$ has no reducts. We show by induction on $M$ that there exist no $i_A, \bar b$ such that $[(\bar a, *)\ *\ \circledast\ (i_A, \circledast)^{\bar b}] \in [\![S ; M]\!]$. The base case follows trivially from $M$ not being a value. Now, for the inductive step, the specifications of $S \models M$ (and $M$) imply that either $M = {!a}$ with $a$ not having a value in $S$, or $M = E[K]$ with $E$ an evaluation context and $K$ a non-value typed as $\bar a \mid \vdash K : B$ and such that $S \models K$ is non-reducing.

In case of $M = {!a}$, we have that $[(\bar a, *)\ *\ \circledast\ a] \in [\![S ; M]\!]$, which proves the claim because of determinacy. On the other hand, if $M = E[K]$ then, as in the proof of proposition 3.17, we have:

$[\![S ; M]\!] = \langle \Lambda(\zeta' ; [\![E[x]]\!]), [\![S ; K]\!] \rangle ; \tau ; T\mathsf{ev} ; \mu = \langle \mathrm{id}, [\![S ; K]\!] \rangle ; \tau ; T(\zeta' ; [\![E[x]]\!]) ; \mu$

By IH, there are no $i_B, \bar c$ such that $[(\bar a, *)\ *\ \circledast\ (i_B, \circledast)^{\bar c}] \in [\![S ; K]\!]$, which implies that there are no $i_A, \bar b$ such that $[(\bar a, *)\ *\ \circledast\ (i_A, \circledast)^{\bar b}] \in [\![S ; M]\!]$. □

Because of the previous result, in order to show adequacy it suffices to show that, whenever $[\![M]\!] = \langle \bar b \rangle [\![S ; 0]\!]$, there is no infinite reduction sequence starting from $\bar a \models M$. We will carry out the following reasoning.

• Firstly, since the calculus without DRF reductions is strongly normalising (this is inherited from strong normalisation of the $\nu$-calculus), it suffices to show there is no reduction sequence starting from $\bar a \models M$ and containing infinitely many DRF reduction steps.

• In fact, the problem can be further reduced to showing that, whenever $[(\bar a, *)\ *\ \circledast\ (0, \circledast)^{\bar b}] \in [\![M]\!]$, there is no reduction sequence starting from $\bar a \models M$ and containing infinitely many NEW reduction steps. The latter clearly holds, since $M$ cannot create more than $|\bar b|$ fresh names in that case, because of correctness.

The reduction to this simpler problem is achieved as follows. For each term $M$, we construct a term $M'$ by adding immediately before each dereferencing in $M$ a fresh-name construction. The result is that, whenever there is a sequence with infinitely many DRF's starting from $S \models M$, there is a sequence with infinitely many NEWs starting from $S \models M'$. The reduction is completed by finally showing that, whenever we have $[(\bar a, *)\ *\ \circledast\ (0, \circledast)^{\bar b}] \in [\![M]\!]$, we also have $[(\bar a, *)\ *\ \circledast\ (0, \circledast)^{\bar b'}] \in [\![M']\!]$.

The crucial step in the proof is the reduction to "the simpler problem", and particularly showing the connection between $[\![M]\!]$ and $[\![M']\!]$ described above. The latter is carried out by using the observational equivalence relation on strategies, defined later in this section. Note, though, that a direct proof can also be given (see [48]).

Proposition 5.14 (Adequacy). $(\mathcal{V}_t, T, Q)$ is adequate.

Proof: This follows from O-adequacy (lemma 5.28), which is proved independently. □

Hence, $(\mathcal{V}_t, T, Q)$ is a sound model for νρ and thus, for all terms $M, N$,

$[\![M]\!] = [\![N]\!] \implies M \lesssim N$.
5.4. Tidy strategies. Leaving adequacy behind, the route for obtaining a fully abstract model of νρ proceeds to definability. That is, we aim for a model in which elements with finite descriptions correspond to translations of νρ-terms.

However, $\mathcal{V}_t$ does not satisfy such a requirement: it includes (finitary) store-related behaviours that are disallowed in the operational semantics of νρ. In fact, our strategies treat the store $\xi$ like any other arena, while in νρ the treatment of store follows some basic guidelines. For example, if a store $S$ is updated to $S'$ then the original store $S$ is not accessible any more (irreversibility). In strategies we do not have such a condition: in a play there may be several $\xi$'s opened, yet there is no discipline on which of these are accessible to Player whenever he makes a move. Another condition involves the fact that a store either 'knows' the value of a name or it doesn't know it. Hence, when a name is asked, the store either returns its value or it deadlocks: there is no third option. In a play, however, when Opponent asks the value of some name, Player is free to evade answering and play somewhere else!

To disallow such behaviours we will constrain total strategies with further conditions, defining thus what we call tidy strategies. But first, let us specify store-related moves inside type-translating nominal arenas.

Definition 5.15. Consider $\mathcal{V}_{\nu\rho}$, the full subcategory of $\mathcal{V}_t$ with objects given by:

$\mathrm{Ob}(\mathcal{V}_{\nu\rho}) \ni A, B ::= 1 \mid \mathbb{N} \mid \mathbb{A}_A \mid A \otimes B \mid A \to TB$

For each such arena $A$ we define its set of store-Handles, $H_A$, as follows.

$H_1 = H_{\mathbb{N}} = H_{\mathbb{A}_A} = \emptyset$, $\qquad H_{A \otimes B} = H_A \cup H_B$,

$H_{A \to TB} = \{(i_A, \circledast_A), (i_B, \circledast_B)\} \cup H_A \cup H_B \cup H_{\xi_A} \cup H_{\xi_B}$ with $H_\xi \triangleq \bigcup_C H_{[\![C]\!]}$,

where we write $A \to TB$ as $A \to (\xi_A \Rightarrow B \otimes \xi_B)$, and $\xi$ as $\bigotimes_C (\mathbb{A}_C \Rightarrow [\![C]\!])$.

In an arena $A \in \mathrm{Ob}(\mathcal{V}_{\nu\rho})$, a store-Handle justifies (all) questions of the form $a$, which we call store-Questions. Answers to store-Questions are called store-Answers. ▲

Note in particular that, for each type $A$, we have $[\![A]\!], Q^{\bar a}[\![A]\!], T[\![A]\!] \in \mathrm{Ob}(\mathcal{V}_{\nu\rho})$, assuming that $T[\![A]\!]$ is equated with $1 \to T[\![A]\!]$. Note also there is a circularity in $H_{A \to TB}$ in the above definition. In fact, it is a definition by induction: we take $H_A = \bigcup_{i \in \omega} H^i_A$ and,

$H^0_A = H^{i+1}_1 = H^{i+1}_{\mathbb{N}} = H^{i+1}_{\mathbb{A}_A} = \emptyset$, $\qquad H^{i+1}_{A \otimes B} = H^{i+1}_A \cup H^{i+1}_B$,

$H^{i+1}_{A \to TB} = \{(i_A, \circledast_A), (i_B, \circledast_B)\} \cup H^{i+1}_A \cup H^{i+1}_B \cup H^{i+1}_{\xi_A} \cup H^{i+1}_{\xi_B}$ with $H^{i+1}_\xi \triangleq \bigcup_C H^i_{[\![C]\!]}$.

Intuitively, store-H's are store-opening moves, while store-Q's and store-A's are obtained from unfolding the store structure. Figure 8 gives examples of store-related moves in a simple arena.

Figure 8: Store-H's, -Q's and -A's in arena $T1$.

From now on we work in $\mathcal{V}_{\nu\rho}$, unless stated otherwise. A first property we can show is that a move is exclusively either initial or an element of the aforedefined move-classes.

Proposition 5.16. For any $A \in \mathrm{Ob}(\mathcal{V}_{\nu\rho})$,

$M_A = I_A \uplus H_A \uplus \{m \in M_A \mid m \text{ a store-Q}\} \uplus \{m \in M_A \mid m \text{ a store-A}\}$.

Proof: We show that any $m \in M_A$ belongs to exactly one of the above sets. We do induction on the level of $m$, $l(m)$, inside $A$ and on the size of $A$, $|A|$, specified by the inductive definition of $\mathrm{Ob}(\mathcal{V}_{\nu\rho})$. If $m$ is initial then, by definition, it can't be a store-H. Neither can it be a store-Q or store-A, as these moves presuppose non-initiality.

Assume $l(m) > 0$. If $A$ is base then trivial, while if $A = A_1 \otimes A_2$ then use the IH on $(l(m), |A|)$. Now, if $A = A_1 \to TA_2$ then let us write $A$ as $A_1 \to (\xi_1 \Rightarrow A_2 \otimes \xi_2)$; we have the following cases.

• If $m = (i_{A_1}, \circledast_1) \in H_A$ then $m$ is a question and not a store-Q, as store-Q's are names.

• If $m = (i_{A_2}, \circledast_2) \in H_A$ then $m$ is an answer and not a store-A, as its justifier is $(i_{A_1}, \circledast_1)$.

• If $m$ is in $A_1$ or in $A_2$ then use the IH.

• If $m$ is in $\xi_1$ then it is either some store-Q $a$ to $(i_{A_1}, \circledast_1)$ (and hence not a store-H or store-A), or it is in some $[\![C]\!]$. In the latter case, if $m$ is initial in $[\![C]\!]$ then it is a store-A in $A$ and therefore not a store-H, as $m$ is not a store-H in $[\![C]\!]$ by IH (on $l(m)$). If $m$ is non-initial in $[\![C]\!]$ then use the IH and the fact that store-H's, -Q's and -A's of $[\![C]\!]$ are the same in $A$.

• Similarly if $m$ is in $\xi_2$. □

The notion of store-handles can be straightforwardly extended to prearenas.

Definition 5.17. Let $A, B \in \mathrm{Ob}(\mathcal{V}_{\nu\rho})$. The set $H_{A \to B}$ of store-handles in prearena $A \to B$ is $H_A \cup H_B$. Store-Q's and store-A's are defined accordingly. ▲

Using the previous proposition, we can see that, for any $A$ and $B$, the set $M_{A \to B}$ can be decomposed as:

$I_A \uplus I_B \uplus H_{A \to B} \uplus \{m \in M_{A \to B} \mid m \text{ a store-Q}\} \uplus \{m \in M_{A \to B} \mid m \text{ a store-A}\}$ (5.4)

We proceed to define tidy strategies. We endorse the following notational convention. Since 
stores £ may occur in several places inside a (pre) arena we may use parenthesised indices 
to distinguish identical moves from different stores. For example, the same store-question q 
may be occasionally denoted q^o) or , the particular notation denoting the OP-polarity 
of the move. Moreover, by O-store-H's we mean store-H's played by Opponent, etc. 

Definition 5.18 (Tidy strategies). A total strategy a is tidy if whenever odd-length 
[s] G a then: 

(TD1) If s ends in a store-Q q then [sx] G a , with x being either a store-A to q introducing 
no new names, or a copy of q. In particular, if q = a a with a # r s~ l_ then the latter 
case holds. 

(TD2) If [s(/ ( p)] G o with q a store-Q then q^ P) is justified by last O-store-H in r s~ l . 
(TD3) If r sP = s' 'q(o)Q(p)ty(o) with q a store-Q then [sy (P) ] G a, where y (P ) is justified by 
r s n .-3. ' ▲ 

(TD1) states that, whenever Opponent asks the value of a name, Player either immediately 
answers with its value or it copycats the question to the previous store-H. The former case 
corresponds to Player having updated the given name lastly (i.e. between the previous O- 
store-H and the last one). The latter case corresponds to Player not having done so and 
hence asking its value to the previous store configuration, starting thus a copycat between 
the last and the previous store-H. Hence, the store is, in fact, composed by layers of stores 
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— one on top of the other — and only when a name has not been updated in the top layer 
is Player allowed to search for it in layers underneath. We can say that this is the nominal 
games equivalent of a memory cell (cf. remark \5. lip . (TD3) further guarantees the above- 
described behaviour. It states that when Player starts a store-copycat then he must copycat 
the store-A and all following moves he receives, unless Opponent chooses to play elsewhere. 
(TD2) guarantees the multi-layer discipline in the store: Player can see one store at each 
time, namely the last played by Opponent in the P-view. 
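The layered-store reading of (TD1)-(TD3) above, as an added illustration that is not part of the paper: store layers are plain dictionaries whose owners alternate (P, O, P, ...) the way store-H's alternate in a P-view, and a store-Q is resolved by the discipline just described, recording the moves it generates. Names as strings, values as integers and the move encoding are assumptions of this model.

```python
"""Layered store discipline of tidy strategies (TD1)-(TD3), as a small model.

Added illustration, not the paper's formalism.  A store-H played by one
participant opens a new "layer" holding that participant's updates since the
previous store-H, so layers alternate in ownership (P, O, P, ...), with Player
owning the top one when Opponent asks.  A store-Q for a name is either answered
from the layer its addressee owns (TD1, first case) or copycatted to the
store-H underneath (TD1, second case; by TD2 the copy sits under the previous
O-store-H), and every answer received is copied back up (TD3).
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# A move is (polarity, kind, payload, depth): polarity "O" or "P", kind "Q"
# (store-question) or "A" (store-answer), payload the asked name or the value,
# and depth the index of the store layer the move is played under.
Move = Tuple[str, str, object, int]


@dataclass
class Layer:
    """Updates made by one participant between two consecutive store-H's."""
    updates: dict = field(default_factory=dict)


def _owner(depth: int, top: int) -> str:
    """Player owns the top layer; ownership alternates going down."""
    return "P" if (top - depth) % 2 == 0 else "O"


def resolve_store_q(layers: List[Layer], name: str) -> Tuple[Optional[int], List[Move]]:
    """Play out the response to Opponent's store-Q for `name` at the top layer.

    layers[0] is the oldest store, layers[-1] the top one.  Returns
    (value, moves); value is None when no layer knows the name (a fresh
    name), in which case the question has been copycatted all the way down
    and is left open.
    """
    if not layers:
        raise ValueError("at least one store layer is needed")
    top = len(layers) - 1
    other = {"P": "O", "O": "P"}
    moves: List[Move] = [(other[_owner(top, top)], "Q", name, top)]  # O asks at the top
    depth = top
    # (TD1): answer only from the layer you own; otherwise copy the question
    # to the store-H underneath, whose owner is the other participant.
    while name not in layers[depth].updates:
        if depth == 0:
            return None, moves  # fresh name: nobody has updated it
        moves.append((_owner(depth, top), "Q", name, depth - 1))
        depth -= 1
    value = layers[depth].updates[name]
    moves.append((_owner(depth, top), "A", value, depth))
    # (TD3): whoever copied a question down copies the answer it receives up,
    # one layer at a time, until Opponent's original question is answered.
    for d in range(depth + 1, top + 1):
        moves.append((_owner(d, top), "A", value, d))
    return value, moves


def well_bracketed(moves: List[Move]) -> bool:
    """Check that every pending store-Q is answered exactly once, innermost first."""
    pending: List[int] = []
    for _pol, kind, _payload, depth in moves:
        if kind == "Q":
            pending.append(depth)
        elif not pending or pending.pop() != depth:
            return False
    return not pending


if __name__ == "__main__":
    # Constructed sample: three store-H layers, oldest first.  Player owns
    # layers 2 and 0, Opponent owns layer 1.
    store = [Layer({"a": 1, "b": 7}), Layer({"c": 3}), Layer({"a": 5})]
    for n in ("a", "b", "c", "z"):
        val, trace = resolve_store_q(store, n)
        print(n, "->", val, "well-bracketed:", well_bracketed(trace))
        for m in trace:
            print("   ", m)
```

Querying "b" shows the full descent through Opponent's layer to Player's own oldest store-H and the answer copied back up; querying a name no layer holds leaves the question open, which `well_bracketed` reports.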

The following straightforward result shows that (TD3), as stated, provides the intended 
copycat behaviour. 

Proposition 5.19. Let σ be a tidy strategy. If [s' q_(O) q_(P) t] ∈ σ is an even-length P-view 
and q is a store-Q then q_(O) q_(P) t is a copycat. 

Proof: We do induction on |t|. The base case is straightforward. For the inductive step, let 
t = t'xz. Then, by prefix closure, [s' q_(O) q_(P) t'x] ∈ σ, this latter a P-view. By IH, q_(O) q_(P) t' is 
a copycat. Moreover, by (TD3), [s' q_(O) q_(P) t'xx] ∈ σ with the last x justified by (q_(O) q_(P) t'x).-3, 
thus s' q_(O) q_(P) t'xx is a copycat. Now, by determinacy, [s' q_(O) q_(P) t'xx] = [s' q_(O) q_(P) t'xz], so 
there exists π such that π·x = x ∧ π·x = z, ∴ x = z, as required. □ 

A good store discipline would guarantee that store-Handles OP-alternate in a play. This 
indeed happens in P-views played by tidy strategies. In fact, such P-views have canonical 
decompositions, as we show below. 

Proposition 5.20 (Tidy Discipline). Let σ : A → B be a tidy strategy and [s] ∈ σ with 
⌜s⌝ = s. Then, s is decomposed as in the following diagram. 




(by CC we mean the state that, when reached by a sequence s = V, the rest of s is copycat.) 

Proof: The first two transitions are clear. After them neither P nor O can play initial 
moves, so all remaining moves in s are store-H's, -Q's or -A's. Assume now O has just played a 
question x_0 which is a store-H and the play continues with moves x_1 x_2 x_3 ... . 

x_1 cannot be a store-A, as this would not be justified by x_0, breaching well-bracketing. 
If x_1 is a store-Q then x_2 must be a store-A, by P-view. If x_1 is an answer-store-H then x_2 
is an OQ, while if x_1 is a question-store-H then x_2 is either a store-Q or a store-H. 

If x_2 is a store-Q then, by (TD1), x_3 is either a store-A or a store-Q, the latter case 
meaning transition to the CC state. If x_2 is not a store-Q then x_3 can't be a store-A: if 
x_3 were a store-A justified by q ≠ x_2 then, as q wouldn't have been immediately answered, 
s_{≥q} would be a copycat and therefore we would be in the CC state right after playing q. 

Finally, if x_3 is a store-A then x_4 must be justified by it, so it must be a Q-store-H. □ 

Corollary 5.21 (Good Store Discipline). Let [s] ∈ σ with σ tidy and ⌜s⌝ = s. Then: 

• The subsequence of s containing its store-H's is OP-alternating and O-starting. 

• If s.-1 = q is a P-store-Q then either q is justified by the last store-H in s, or s is in copycat 
mode at q. □ 
Observe that strategies that mostly do copycats are tidy; in particular, identities are tidy. 
Moreover, tidy strategies are closed under composition (proof delegated to the appendix). 

Proposition 5.22. If σ : A → B and τ : B → C are tidy strategies then so is σ ; τ. □ 

Definition 5.23. 𝒯 is the lluf subcategory of 𝒱_t of tidy strategies. ▲ 

Finally, we need to check that all structure required for a sound νρ-model passes from 𝒱_t to 
𝒯. It is not difficult to see that all such structure which does not handle the store remains 
safely within the tidy universe. On the other hand, strategies for update and dereferencing 
are tidy by construction. (A fully formal proof is given in [48].) 

Proposition 5.24. 𝒯 forms an adequate νρ-model by inheriting all the necessary structure 
from 𝒱_t. □ 

Henceforth, by strategies we shall mean tidy strategies, unless stated otherwise. 



5.5. Observationality. Strategy equality is too fine-grained to capture contextual equiv- 
alence in a complete manner. For example, even simple contextual equivalences like 

skip ≃ νa. skip 

are not preserved by the semantic translation, since strategies include in their name-lists 
all introduced names, even useless ones. For similar reasons, equivalences like 

νa.νb.M ≃ νb.νa.M 

are not valid semantically. In fact, it is not only because of the treatment of name-creation 
that the semantics is not complete. Terms like 

a := 1 ; λx. !a ; 2 ≃ a := 1 ; λx. 2 

are distinguished because of the 'explicit' way in which the store works. 

So there are many ways in which our semantics is too expressive for our language. 
We therefore proceed to a quotienting by the intrinsic preorder and prove full abstraction 
in the extensional model. Following the steps described in section 3.2, in this section we 
introduce the intrinsic preorder on 𝒯 and show that the resulting model is observational. 
Full abstraction is then shown in the following section. 

Definition 5.25. Expand 𝒯 to (𝒯, T, Q, 𝒪) by setting, for each ā ∈ A^#, 

𝒪^ā = { f ∈ 𝒯(Q^ā 1, TN) | ∃b̄. [(ā,*) * ⊛ (0,⊛)^b̄] ∈ f } . 
Then, for each f, g ∈ 𝒯(Q^ā A, TB), f ≲^ā g if 

∀ρ : Q^ā(A ⊸ TB) → TN. (Λ^ā(f) ; ρ ∈ 𝒪^ā ⟹ Λ^ā(g) ; ρ ∈ 𝒪^ā) . ▲ 

Thus, the observability predicate 𝒪 is a family (𝒪^ā)_{ā∈A^#}, and the intrinsic preorder ≲ is a 
family (≲^ā)_{ā∈A^#}. Recall that by Λ^ā(f) we mean Λ^{Q^ā,T}(f), that is, 

Λ^ā(f) = δ ; Q^ā Λ(ζ' ; f) : Q^ā 1 → Q^ā Q^ā 1 → Q^ā(A ⊸ TB) . 
Note in particular that f ⊑ g implies Λ^ā(f) ; ρ ⊑ Λ^ā(g) ; ρ, for any relevant ρ, and therefore: 

f ⊑ g ⟹ f ≲^ā g (5.5) 

The intrinsic preorder is defined by use of test arrows p, which stand for possible program 
contexts. As the following result shows, not all such tests are necessary. 
Lemma 5.26 (tl4 tests suffice). Let f, g ∈ 𝒯(Q^ā 1, B) with B pointed. The following are 
equivalent (recall definition 4.35). 

I. ∀ρ : Q^ā B → TN. δ ; Q^ā f ; ρ ∈ 𝒪^ā ⟹ δ ; Q^ā g ; ρ ∈ 𝒪^ā 

II. ∀ρ : Q^ā B → TN. ρ is tl4 ⟹ (δ ; Q^ā f ; ρ ∈ 𝒪^ā ⟹ δ ; Q^ā g ; ρ ∈ 𝒪^ā) 
Hence, for each ā and f, g ∈ 𝒯(Q^ā A, TB), f ≲^ā g iff 

∀ρ : Q^ā(A ⊸ TB) → TN. ρ is tl4 ⟹ (Λ^ā(f) ; ρ ∈ 𝒪^ā ⟹ Λ^ā(g) ; ρ ∈ 𝒪^ā). 

Proof: I ⟹ II is trivial. Now assume II holds and let ρ : Q^ā B → TN be any strategy such 
that δ ; Q^ā f ; ρ ∈ 𝒪^ā. Then there exist [s] ∈ δ ; Q^ā f and [t] ∈ ρ such that [s;t] = [(ā,*) * 
⊛ (0,⊛)^b̄] ∈ (δ ; Q^ā f) ; ρ. We show by induction on the number of B-moves appearing in 
s || t that δ ; Q^ā g ; ρ ∈ 𝒪^ā. 

If no such moves appear then t = (ā, i_B) * ⊛ (0,⊛)^b̄, so done. If n+1 such moves 
appear then ρ is necessarily t4, as B is pointed, so by lemma 4.36 there exists a tl4 strat- 
egy ρ̂ such that ρ = Δ ; ρ̂. It is not difficult to see that ρ being tidy implies that ρ̂ is 
tidy. Moreover, δ ; Q^ā f ; ρ = δ ; Q^ā f ; Δ ; ρ̂ = δ ; Q^ā f ; ⟨id, Q^ā ! ; δ ; Q^ā f⟩ ; ρ̂ = δ ; Q^ā f ; ρ', 
with ρ' being ⟨id, Q^ā ! ; δ ; Q^ā f⟩ ; ρ̂. Now, by definition of ρ̂, [(ā,*) * ⊛ (0,⊛)^b̄] = [s';t'] ∈ 
(δ ; Q^ā f) ; ρ' with s' || t' containing n B-moves so, by IH, δ ; Q^ā g ; ρ' ∈ 𝒪^ā. But δ ; Q^ā g ; ρ' = 
δ ; Q^ā g ; ⟨id, Q^ā ! ; δ ; Q^ā f⟩ ; ρ̂ = δ ; Q^ā f ; ⟨Q^ā ! ; δ ; Q^ā g, id⟩ ; ρ̂ = δ ; Q^ā f ; ρ'', where ρ'' is given 
by ⟨Q^ā ! ; δ ; Q^ā g, id⟩ ; ρ̂. But ρ'' is tl4, thus, by hypothesis, 𝒪^ā ∋ δ ; Q^ā g ; ρ'' = δ ; Q^ā g ; ρ, as 
required. □ 

We can now prove the second half of observationality. 

Lemma 5.27. For any morphism f : Q^{āa} 1 → B, with B pointed, and any tl4 morphism 
ρ : Q^ā B → TN, 

δ ; Q^ā ⟨a⟩f ; ρ ∈ 𝒪^ā ⟺ δ ; Q^{āa} f ; new ; ρ ∈ 𝒪^{āa} 
Moreover, for each ā and relevant a, ā', f, g, 

f ≲^{āa} g ⟹ ⟨a⟩f ≲^ā ⟨a⟩g ,   f ≲^ā g ⟹ new ; f ≲^{ā'} new ; g . 

Proof: For the first part, ρ being tl4 and B being pointed imply that there exists some 
b # ā and a total strategy ρ' such that ρ = ⟨b⟩ρ'. Now let δ ; Q^ā ⟨a⟩f ; ρ ∈ 𝒪^ā, so there 
exists [s;t] = [(ā,*) * ⊛ (0,⊛)^{b̄ab}] ∈ (δ ; Q^ā ⟨a⟩f) ; ρ, and let s = (ā,*) (ā,i_B) j_B m_a d s' and 
t = (ā,i_B) * ⊛ j_B. Letting s'^{+a} be s'^{nlist(s)^{+a}} we can see that [(āa,*) i_B j_B m d s'^{+a}] ∈ f and 
thus [s''] = [(āa,*) (ā,i_B) j_B m d s'^{+a}] ∈ δ ; Q^{āa} f ; new. Hence, [s'';t] = [(āa,*) * ⊛ (0,⊛)^{b̄b}] ∈ 
(δ ; Q^{āa} f ; new) ; ρ, as required. The converse is shown similarly. 

For the second part, suppose f ≲^{āa} g : Q^{āa} A → TB and take any tl4 morphism 
ρ : Q^ā(A ⊸ TB) → TN. Then, 

Λ^ā(⟨a⟩f) ; ρ ∈ 𝒪^ā ⟺ δ ; Q^ā Λ(ζ' ; ⟨a⟩f) ; ρ ∈ 𝒪^ā ⟺ δ ; Q^ā ⟨a⟩(Λ(ζ' ; f)) ; ρ ∈ 𝒪^ā 

⟺ δ ; Q^{āa} Λ(ζ' ; f) ; new ; ρ ∈ 𝒪^{āa} 

⟹ (f ≲^{āa} g) δ ; Q^{āa} Λ(ζ' ; g) ; new ; ρ ∈ 𝒪^{āa} ⟺ Λ^ā(⟨a⟩g) ; ρ ∈ 𝒪^ā . 
For the other claim, let us generalise the fresh-name constructors new to: 

Q :A s ^(A a 'U 4 {[(a,*) * *(a',*f'^]} 
for any S(ā) ⊆ S(ā'). The above yields a natural transformation of type Q^ā → Q^{ā'}. It is 
easy to see that, for any h : Q^ā 1 → TN, h ∈ 𝒪^ā iff new ; h ; ρ_u ∈ 𝒪^{ā'} and, moreover, that 
the diagram on the right below commutes. Hence, if f ≲^ā g then 

5;Q a 'A((';^-J);peO a ' 

5;Q a '^;Q a 'A((';f);peO a ' 

^ Q>) ;(<W'I ! Q a 'A(C ; /) ; p)± ; P u g O 5 
<=> 5;Q a A((';f);{ a );p ± ; 1P u£O a 

5;Q*A(C';g);Q l );px;j>ueO- a 

<=> 5;Q a 'A(C';^;g);peO a ', 

as required. □ 

In order to prove that 𝒯 is observational, we are only left to show that 

[M] ∈ 𝒪^ā ⟺ ∃b̄, S. [M] = ⟨b̄⟩[S ; 0] 

for any ā | ⊢ M : N. The "⟸" direction is trivial. For the converse, because of 
correctness, it suffices to show the following generalisation of adequacy. 

Lemma 5.28 (𝒪-Adequacy). Let ā | ⊢ M : N be a typed term. If [M] ∈ 𝒪^ā then 
there exists some S such that ā ⊨ M ⟶ S ⊨ 0. 

Proof: The idea behind the proof is given above proposition 5.14. It suffices to show that, 
for any such M, there is a non-reducing sequent S ⊨ N such that ā ⊨ M ⟶ S ⊨ N; 
therefore, because of Strong Normalisation in the ν-calculus, it suffices to show that there 
is no infinite reduction sequence starting from ā ⊨ M and containing infinitely many DRF 
reduction steps. 

To show the latter we will use an operation on terms adding new-name constructors just 
before dereferencings. The operation yields, for each term M, a term (M)° the semantics of 
which is equivalent to that of M. On the other hand, ā ⊨ (M)° cannot perform infinitely 
many DRF reduction steps without creating infinitely many new names. For each term M, 
define (M)° by induction as: 

(a)° = a , (x)° = x , ... (λx.M)° ≜ λx.(M)° , (M N)° ≜ (M)°(N)° , ... 

and (!N)° ≜ νa. !(N)° , for some a # N. 

We show that [(M)°] ≅ [M], by induction on M; the base cases are trivial. The 
induction step follows immediately from the IH and the fact that ≅ is a congruence, in all 
cases except for M being !N. In the latter case we have that [(M)°] = ⟨a⟩(new ; [!(N)°]), 
while the IH implies that [(N)°] ≅ [N]. Hence, it suffices to show that for each f : Q^ā A → TB we 
have f ≅ ⟨a⟩(new ; f). Indeed, for any relevant ρ which is tl4, 

Λ^ā(⟨a⟩(new ; f)) ; ρ ∈ 𝒪^ā ⟺ (5.27) δ ; Q^{āa} Λ(ζ' ; new ; f) ; new ; ρ ∈ 𝒪^{āa} 

⟺ δ ; Q^{āa} new ; Q^ā Λ(ζ' ; f) ; new ; ρ ∈ 𝒪^{āa} 

⟺ new ; Λ^ā(f) ; ρ ∈ 𝒪^{āa} ⟺ Λ^ā(f) ; ρ ∈ 𝒪^ā . 

Now, take any ā | ⊢ M : N and assume [M] ∈ 𝒪^ā, and that ā ⊨ M diverges using 
infinitely many DRF reduction steps. Then ā ⊨ (M)° diverges using infinitely many 
NEW reduction steps. However, since [(M)°] ≅ [M], we have [(M)°] ∈ 𝒪^ā and therefore 
[(ā,*) * ⊛ (0,⊛)^b̄] ∈ [(M)°] for some b̄. However, ā ⊨ (M)° reduces to some S ⊨ M' using 
|b̄| + 1 NEW reduction steps, so [(M)°] = ⟨c̄⟩[S ; M'] with |c̄| = |b̄| + 1, contrary to determinacy. □ 

We have therefore shown observationality. 

Proposition 5.29 (Observationality). (𝒯, T, Q, 𝒪) is observational. □ 

5.6. Definability and full abstraction. We now proceed to show definability for 𝒯, and 
through it νρ-definability. According to the results of section 3.2.3 this will suffice for full 
abstraction. 

We first make precise the notion of finitary strategy, that is, of (tidy) strategy with 
finite description, by introducing truncation functions that remove inessential branches 
from a strategy's description. 

Definition 5.30. Let σ : A → B in 𝒯 and let [s] ∈ viewf(σ) be of even length. Define 
trunc(s) and trunc'(s) by induction as follows. 

trunc(ε) = trunc'(ε) = ε 

trunc(x_(O) y_(P) s') = ε , if x = y are store-Q's 
                      = xy trunc(s') , otherwise 

trunc'(x_(O) y_(P) s') = ε , if x = y are store-Q's 
                       = ε , if x a store-Q, y a store-A and s' = ε 
                       = ε , if x ∈ I_A, y ∈ I_B and s' = ε 
                       = xy trunc'(s') , otherwise 

Moreover, say σ is finitary if trunc(σ) is finite, where 

trunc(σ) = { [trunc(s)] | [s] ∈ viewf(σ) ∧ |s| > 3 }. 

Finally, for any [t] ∈ σ define: 

σ_{≤t} = strat{ [s] ∈ viewf(σ) | ∃t' ≤ t. trunc'(s) = ⌜t'⌝ } . ▲ 

Hence, finitary are those strategies whose viewfunctions become finite if we delete all the 
store-copycats and all default initial answers — the latter dictated by totality. Moreover, 
the strategy σ_{≤t} is the strategy we are left with if we truncate viewf(σ) by removing all 
its branches of size greater than 3 that are not contained in t, except for the store-copycats, 
which are left intact, and for the store-A branches, which are truncated to the point of 
leaving solely the store-A, so that we retain tidiness. Note that, in general, trunc'(s) ≤ 
trunc(s) ≤ s. We can then show the following (proof in [48]). 

Proposition 5.31. If σ is a strategy and [t] ∈ σ is even-length then σ_{≤t} is a finitary strategy 
with [t] ∈ σ_{≤t} and σ_{≤t} ⊑ σ. □ 
We proceed to show definability. The proof is facilitated by the following lemma, the proof 
of which is delegated to the appendix. Note that for economy we define strategies by means 
of their viewfunctions modulo totality and even-prefix closure. Moreover, we write σ ↾ i 
for the (total) restriction of a strategy σ to an initial move i, and s^{-b} for s with b removed 
from all of its name-lists. 

Lemma 5.32 (Decomposition Lemma). Let σ : Q^ā[A] → T[B] be a strategy. We can 
decompose σ as follows. 

1. If there exists an i_{A(0)} such that ∃x_0. [(ā, i_{A(0)}) * ⊛ x_0] ∈ σ then 

Q~ a m 



where: 



Tm^-miTiB})* 



a . , 
= U(0)J 



a' 



Q~ a {Aj — > N 4 {[(a,i m )0}} U {[(a,i A )l]\[(a,i A )} ± [ (a, i A[Q) ) ] } , 



Q a {Aj^TlBj 4 strat{[(a,u (0) ) S ] Gviewf(a)}, 

Q a {Aj - T[5] ^ strat{ [ (a, m) s ] € viewf (a) | [ (a, m) ] ^ [ (a, i A(0) ) ] } . 

2. If there exists i_{A(0)} such that ∀i_A. (∃x_0. [(ā, i_A) * ⊛ x_0] ∈ σ) ⟹ [(ā, i_A)] = [(ā, i_{A(0)})], 
then σ = ⟨b̄⟩σ^{-b̄} where: 

a~ b : Q^IA} -> T[5] 4 s trat{ [ (aft, i A(0) ) * ©m s x ~ 6 ] | 

[ (o> * A(0) ) * © m o s ] G viewf (cr) } . 

3. If there exist i_{A(0)}, m_0 such that ∀i_A, x. [(ā, i_A) * ⊛ x] ∈ σ ⟺ [(ā, i_A) x] = [(ā, i_{A(0)}) m_0], 
then one of the following is the case. 

(a) m_0 = a, a store-Q of type C under ⊛, in which case σ = σ' ↾ (ā, i_{A(0)}) where 

a' : Q^IA} -> T|5] 4 (id, 0); r ; T£'; T<r a ; 

ffa:Wl®P])^T[B] ^ strat{[(o,u (0 ),*c) * ®«] I 

[(a,U(o)) * ©aic*s] G viewf(cr) } , 

fg a !;|;drf c , */a€S(o) 
lQ%;f;drf c ,ifa#a. 



4> : Q S [A] - r[c] 



(b) m_0 = j_A ∨ m_0 = (i_B, ⊛), a store-H, in which case if [(ā, i_{A(0)}) * ⊛ m_0 a i_C] ∈ σ, 
for some store-Q a and store-A i_C, then 

Q S [A] -^Iq s [4]0Q»[4]0T[C] 

T;T(id(g)^;-r);^ 



where: 



T{B\^ — TQ a [A] 

1 a ;n 
σ_a : Q^ā[A] → T[C] ≜ strat{ [ (ā, i_{A(0)}) * ⊛ (i_C, ⊛) s ] 



[ {a, i A (Q) ) * ®m aic s] G viewf (a) 
V [© © s] G viewf (id^) } , 



a' :Q%A\ -> T[B] = strat( { [ (a, i A(0) ) * ®m ys] G viewf (a )\y ^ a} 



U { [(a,«A(o)) * ©m as] 



[© © as] G viewf (id^)}) , 




In both cases above, we take j = min{ j | (i_{A(0)})_j = a }. 



□ 



The proof of definability is a nominal version of standard definability results in game se- 
mantics. In fact, using the Decomposition Lemma we reduce the problem of definability of 
a finitary strategy σ to that of definability of a finitary strategy σ_0 of equal length, with 
σ_0 having no initial effects (i.e. fresh-name creation, name-update or name-dereferencing). 
On σ_0 we then apply almost verbatim the methodology of [15] — itself based on previous 
proofs of definability. 

Theorem 5.33 (Definability). Let A, B be types and σ : Q[A] → T[B] be finitary. 
Then σ is definable. 

Proof: We do induction on (|trunc(σ)|, ‖σ‖), where we let ‖σ‖ = max{ |L(s)| | [s] ∈ 
viewf(σ) }, i.e. the maximum number of names introduced in any play of trunc(σ). If 
|trunc(σ)| = 0 then σ = [stop_B]; otherwise, there exist x_0, i_{A(0)} such that [(ā, i_{A(0)}) * 
⊛ x_0] ∈ σ. By the Decomposition Lemma, 

σ = ⟨[x = i_{A(0)}], ⟨σ_0, σ'⟩⟩ ; end 

with |trunc(σ')| < |trunc(σ)| and (0,0) < (|trunc(σ_0)|, ‖σ_0‖) < (|trunc(σ)|, ‖σ‖), so by 
IH there exists a term M' such that [M'] = σ'. Hence, if there exist terms M_0, N_0 with 
[M_0] ↾ (ā, i_{A(0)}) = σ_0 and [N_0] = [x = i_{A(0)}] ; η, then we can see that 

σ = [if N_0 then M_0 else M'] . 

We first construct N_0. Assume that A = A_1 × A_2 × ··· × A_n with the A_i's non-products, 
and similarly B = B_1 × ··· × B_m. Moreover, assume without loss of generality that A is 
segmented in four parts: each of A_1, ..., A_k is N; each of A_{k+1}, ..., A_{k+k'} is [A'_j]; each 
of A_{k+k'+1}, ..., A_{k+k'+k''} is A'_j → A''_j; and the rest are all 1. Take z, z', z'', z''' to 
be variable-lists of the respective types. Define φ_0, φ'_0 by: 

φ_0 = κ_1, ..., κ_k , with (κ_1, ..., κ_k) being the initial N-segment of i_{A(0)} , 




φ'_0 = κ'_1, ..., κ'_{k'} , with each κ'_i = 

   (i_{A(0)})_{k+i} , if (i_{A(0)})_{k+i} ∈ S(ā) 

   z'_j , if (i_{A(0)})_{k+i} # ā ∧ j = min{ j < i | (i_{A(0)})_{k+i} = (i_{A(0)})_{k+j} } 

   fresh(i) , otherwise . 
fresh(i) is a meta-constant denoting that Opponent has played a fresh name in A_{k+i}. If 
the same fresh name is played in several places inside i_{A(0)} then we regard its leftmost 
occurrence as introducing it — this explains the second item in the cases-definition above. 
Now, define 

N_0 = [(z, z') = (φ_0, φ'_0)] where: 
[(z, z') = (κ, κ')] = [z_1 = κ_1] ∧ ··· ∧ [z_k = κ_k] ∧ [z'_1 = κ'_1] ∧ ··· ∧ [z'_{k'} = κ'_{k'}] , 
[z'_i = fresh(i)] ≜ [z'_i ≠ a_1] ∧ ··· ∧ [z'_i ≠ a_{|ā|}] ∧ [z'_i ≠ z'_1] ∧ ··· ∧ [z'_i ≠ z'_{i-1}] , 
with the logical connectives ∧ and → defined using if0's, and [z_i = κ_i] using pred's, in the 
standard way. It is not difficult to show that indeed [N_0] = [x = i_{A(0)}] ; η. 

We proceed to find M_0. By the second part of the Decomposition Lemma, σ_0 = ⟨b̄⟩σ_0^{-b̄} with 
b̄ = nlist(x_0), |trunc(σ_0^{-b̄})| = |trunc(σ_0)| and ‖σ_0^{-b̄}‖ = ‖σ_0‖ − |b̄|. If |b̄| > 0 then, by IH, there 
exists a term M_0^{-b̄} such that [M_0^{-b̄}] = σ_0^{-b̄}, so taking 

M_0 = νb̄. M_0^{-b̄} 

we have σ_0 = [M_0]. 

Assume now |b̄| = 0, so x_0 = m_0. σ_0 satisfies the hypotheses of the third part of the 
Decomposition Lemma. Hence, if m_0 = a, a store-Q of type C under ⊛, then 

σ_0 = (⟨id, φ⟩ ; τ ; Tζ' ; Tσ_a ; μ) ↾ (ā, i_{A(0)}) 

with trunc(σ_a) < trunc(σ_0). Then, by IH, there exists ā | Γ, y : C ⊢ M_a : B such that 
σ_a = [M_a], and taking 

M_0 ≜ (λy.M_a)(!a) , if a ∈ S(ā) 

      (λy.M_a)(!z'_j) , if a # ā ∧ j = min{ j | a = (i_{A(0)})_{k+j} } 

we have σ_0 = [M_0] ↾ (ā, i_{A(0)}). 

Otherwise, m_0 = j_A ∨ m_0 = (i_B, ⊛), a store-H. If there exists an a ∈ A_C such that σ_0 
answers to [i_{A(0)} * ⊛ m_0 a] then, by the Decomposition Lemma, 

σ_0 = ⟨Δ, σ_a⟩ ; τ ; T(id ⊗ φ ; τ) ; μ ; Tσ' ; μ 

with |trunc(σ_a)|, |trunc(σ')| < |trunc(σ_0)|. By IH, there exist ā | Γ ⊢ M_a : C and 
ā | Γ ⊢ M' : B such that σ_a = [M_a] and σ' = [M']. Taking 

M_0 ≜ (a := M_a) ; M' , if a ∈ S(ā) 
      (z'_j := M_a) ; M' , if a # ā ∧ j = min{ j | a = (i_{A(0)})_{k+j} } 

we obtain σ_0 = [M_0]. Note here that σ_a blocks initial moves [ā, i_A] ≠ [ā, i_{A(0)}] and hence 
we do not need the restriction. 

We are left with the case of m_0 being as above and σ_0 not answering to any store-Q, 
which corresponds to the case of Player not updating any names before playing m_0. 

If m_0 = (i_B, ⊛) then we need to derive a value term (V_1, ..., V_m) (as B = B_1 × ··· × B_m). 
For each p, if B_p is a base or reference type then we can choose a V_p canonically so that 
its denotation be i_{B_p} (the only interesting such case is that of i_{B_p} being a name a # ā, 
where we take V_p to be z'_j, for j = min{ j | a = (i_{A(0)})_{k+j} }). Otherwise, B_p = B'_p → B''_p 
and from σ_0 we obtain the (tidy) viewfunction f : Q^ā([A] ⊗ [B'_p]) → T[B''_p] by: 

f ≜ { [(ā, i_{A(0)}, i_{B'_p}) * ⊛ s] | [(ā, i_{A(0)}) * ⊛ (i_B, ⊛)(i_{B'_p}, ⊛) s] ∈ viewf(σ_0) }. 

Note that, for any [(ā, i_A) * ⊛ (i_B, ⊛)(i_{B'_p}, ⊛) s] ∈ viewf(σ_0), s cannot contain store-Q's 
justified by ⊛, as these would break (TD2). Hence, f fully describes σ_0 after (i_{B'_p}, ⊛). By 
IH, there exists ā | Γ, y : B'_p ⊢ N : B''_p such that [N] = strat(f); take then V_p = λy.N. 
Hence, taking 

M_0 ≜ (V_1, ..., V_m) 

we obtain σ_0 = [M_0] ↾ (ā, i_{A(0)}). 
If m_0 = j_A, played in some A_{k+k'+i} = A'_i → A''_i, then m_0 = (i_{A'_i}, ⊛). Assume that A'_i = 
A'_{i,1} × ··· × A'_{i,n_i}, with the A'_{i,p}'s being non-products. Now, O can either ask some name a 
(which would lead to a store-CC), or answer at A''_i, or play at some A'_{i,p} of arrow type, 
say A'_{i,p} = C_{i,p} → C'_{i,p}. Hence, 

viewf(σ_0) = f_A ∪ ⋃_{p=1}^{n_i} f_p where: 

f_A = f_0 ∪ { [(ā, i_{A(0)}) * ⊛ (i_{A'_i}, ⊛)(i_{A''_i}, ⊛) s] ∈ viewf(σ_0) } 
f_p = f_0 ∪ { [(ā, i_{A(0)}) * ⊛ (i_{A'_i}, ⊛)(i_{C_{i,p}}, ⊛) s] ∈ viewf(σ_0) } 
f_0 = { [(ā, i_{A(0)}) * ⊛ (i_{A'_i}, ⊛) s] | [⊛ ⊛ s] ∈ viewf(id_ξ) } 

and where we assume f_p = f_0 if A'_{i,p} is not an arrow type. It is not difficult to see that 
f_A, f_p are viewfunctions. Now, from f_A we obtain: 

f'_A : Q^ā([A] ⊗ [A''_i]) → T[B] ≜ { [(ā, i_{A(0)}, i_{A''_i}) * ⊛ s] | 
[(ā, i_{A(0)}) * ⊛ (i_{A'_i}, ⊛)(i_{A''_i}, ⊛) s] ∈ f_A } . 

It is not difficult to see that f'_A is indeed a viewfunction (note that P cannot play a store- 
Q under ⊛ on the RHS once (i_{A''_i}, ⊛) is played, by tidiness). By IH, there exists some 
ā | Γ, y : A''_i ⊢ M_A : B such that [M_A] = strat(f'_A). 

From each f_p ≠ f_0 we obtain a viewfunction f'_p : Q^ā([A] ⊗ [C_{i,p}]) → T[C'_{i,p}] by: 

f'_p ≜ { [(ā, i_{A(0)}, i_{C_{i,p}}) * ⊛ s] | [(ā, i_{A(0)}) * ⊛ (i_{A'_i}, ⊛)(i_{C_{i,p}}, ⊛) s] ∈ f_p }. 
By IH, there exists some ā | Γ, y' : C_{i,p} ⊢ M_p : C'_{i,p} such that [M_p] = strat(f'_p), so 
take V_p = λy'.M_p. For each A'_{i,p} of non-arrow type, the behaviour of σ_0 at A'_{i,p} is fully 
described by (i_{A'_i})_p, so we choose V_p canonically as previously. (V_1, ..., V_{n_i}) is now of type 
A'_i and describes σ_0's behaviour in A'_i. 
Now, taking 

M_0 ≜ (λy.M_A)(z''_i (V_1, ..., V_{n_i})) 
we obtain σ_0 = [M_0] ↾ (ā, i_{A(0)}). □ 
Finally, using the definability result and proposition 5.31 we can now show the following. 
Corollary 5.34. 𝒯 = (𝒯, T, Q, 𝒪) satisfies νρ-definability. 

Proof: For each ā, A, B, define D^ā_{A,B} = { f : Q^ā[A] → T[B] | f is finitary }. By definabil- 
ity, every f ∈ D^ā_{A,B} is definable. We need also show: 

(∀ρ ∈ D^ā_{(A⊸TB),N}. Λ^ā(f) ; ρ ∈ 𝒪^ā ⟹ Λ^ā(g) ; ρ ∈ 𝒪^ā) ⟹ f ≲^ā g . 

Assume the LHS assertion holds and let Λ^ā(f) ; ρ ∈ 𝒪^ā, some ρ : Q^ā([A] ⊸ T[B]) → TN. 
Then, let [s;t] = [(ā,*) * ⊛ (0,⊛)^b̄] ∈ Λ^ā(f) ; ρ, [s] ∈ Λ^ā(f) and [t] ∈ ρ. By proposition 5.31, 
[t] ∈ ρ_{≤t}, so Λ^ā(f) ; ρ_{≤t} ∈ 𝒪^ā. Moreover, ρ_{≤t} ∈ D^ā_{(A⊸TB),N}, so Λ^ā(g) ; ρ_{≤t} ∈ 𝒪^ā, by hypothesis. 
Finally, ρ_{≤t} ⊑ ρ implies Λ^ā(g) ; ρ_{≤t} ⊑ Λ^ā(g) ; ρ, hence the latter is observable, so f ≲^ā g. □ 

Hence, we have shown full abstraction. 

Theorem 5.35. 𝒯 = (𝒯, T, Q, 𝒪) is a fully abstract model of νρ. □ 



5.7. An equivalence established semantically. In this last section we prove that the 
following terms M and N are equivalent. The particular equivalence exemplifies the fact 
that exceptional behaviour cannot be simulated in general by use of references, even of 
higher order. 

M = λf. stop : (1 → 1) → 1 ,   N = λf. f skip ; stop : (1 → 1) → 1 . 
By full abstraction, it suffices to show [M] ≅ [N], where the latter are given as follows. 

[Diagram: the strategies [M], [N] : 1 → T((1 ⊸ T1) ⊸ T1), with the moves * ⊛ (*,⊛)_(1) (*,⊛)_(2) (*,⊛)_(3) 
labelled OQ, PA, OQ, PA, OQ, PQ; bottom links mark deadlocks.] 


Bottom links stand for deadlocks: if Opponent plays a move (*,⊛)_(2) under the last * in [M] 
(thus providing the function f) then Player must play [stop], i.e. remain idle. Similarly 
for [N]: if Opponent gives an answer to (*,⊛)_(3) (providing thus the outcome of f skip) 
then Player deadlocks the play. 

We have that [M] ⊑ [N] and therefore, by (5.5), [M] ≲ [N]. Conversely, let ρ : 
T((1 ⊸ T1) ⊸ T1) → TN be a tl4 tidy strategy such that [* * ⊛ (0,⊛)^ā] ∈ [N] ; ρ for 
some ā. Then, because of the form of [N], ρ can only play initial moves up to (*,⊛)_(1), 
then possibly ask some names to (*,⊛)_(1), and finally play (0,⊛)^ā. Crucially, ρ cannot play 
(*,⊛)_(2) under *: this would introduce a question that could never be answered by [N], 
and therefore ρ would not be able to play (0,⊛)^ā without breaking well-bracketing. Hence, 
[M] and ρ can simulate the whole interaction and therefore [* * ⊛ (0,⊛)^ā] ∈ [M] ; ρ. 



6. Conclusion 

Until recently, names used to be bypassed in Denotational Semantics: most approaches fo- 
cussed on the effect achieved by use of names rather than names themselves. Characteristic 
of this attitude was the 'object-oriented' modelling of references [6, 3] and exceptions [19] 
as products of their effect-related methods (in the spirit of [39]). These approaches were 
unsatisfactory to some extent, due to the need for 'bad' syntactic constructors in the ex- 
amined languages. Moreover, they could not apply to the simplest nominal language, the 
ν-calculus [36], since there the achieved effect could not be given an extensional, name-free 
description. These issues revealed the need that names be treated as a proper computational 
effect [8], and led to the advent of nominal games [2, 21]. 

In this paper we have taken some further steps in the semantics of nominal computation 
by examining the effect of (nominal) general references. We have shown that nominal games 
provide a framework expressive enough that, by use of appropriate monadic (and comonadic) 
constructions, one can model general references without moving too far from the model of 
the ν-calculus [2]. This approach can be extended to other nominal effects too; e.g. in [37] 
it is applied to exceptions (with and without references). Moreover, we have examined 
abstract categorical models for nominal computation, and references in particular (in the 
spirit of [35, 8]). 

There are many threads in the semantics of nominal computation which need to be 
pursued further. Firstly, there are many nominal games models to build yet: research in 
this direction has already been undertaken in [24, 22, 47, 31]. By constructing models for 
more nominal languages we better understand the essential features of nominal computa- 
tion (e.g. name-availability [31]) and build stronger intuitions on nominal games. Another 
direction for further research is that of characterising the nominal effect — i.e. the compu- 
tational effect that arises from the use of names — in abstract categorical terms. Here we 
have pursued this task to some extent by introducing the monadic-comonadic description 
of nominal computation, but it is evident that the description needs further investigation. 
We see that there are more monad-comonad connections to be revealed, which will simplify 
and further substantiate the presentation. The work of Schöpp which examines categories 
with names [41] seems to be particularly helpful in this direction. 

A direction which has not been pursued here is that of decidability of observational 
equivalence in nominal languages. The use of denotational methods, and game semantics 
in particular, for attacking the problem has been extremely successful in the 'non-nominal' 
case, having characterised decidability of (fragments of) Idealized Algol [13, 34, 32]. It 
would therefore be useful to 'nominalise' that body of work and apply it to nominal calculi. 
Already from [32] we can deduce that nominal languages with ground store are undecidable, 
and from [36] we know that equivalence is decidable for programs of first-order type in the 
ν-calculus, but otherwise the problem remains open. 
Appendix A. Deferred proofs 
I. Proof of closure of tidiness under composition. 

Lemma A.1. Let σ : A → B and τ : B → C be tidy strategies, and let [s;t] ∈ σ;τ, [s] ∈ σ 
and [t] ∈ τ, with ⌜s || t⌝ = s || t ending in a generalised O-move in AB and x, an O-move, 
being the last store-H in ⌜s⌝. Let x appear in s || t as x̃. Then x̃ is the last store-H in s || t 
and if x is in A then all moves after x in s || t are in A. Similarly for BC and t. 

Proof: We show the (AB, s) case, the other case being entirely dual. Let s = s_1 x s_2 and let 
x appear in s || t as some x̃. If x is in A then we claim that s_2 is in A. Suppose otherwise, 
so s = s_1 x s_21 y s_22 with s_21 in A and y a P-move in B. Since x appears in ⌜s⌝, the whole 
of s_21 y appears in it, as it is in P-view mode already. Since x is the last store-H in ⌜s⌝, s_21 y is 
store-H-less. If y is a store-Q then it should be justified by the last O-store-H in ⌜s_{<y}⌝, that is x, 
which is not possible as x is in A. Thus, y must be a store-A, say to some O-store-Q q in 
B. Now, since q wasn't immediately answered by P, tidiness dictates that ⌜s⌝ be a copycat 
from move q on. But then the move following x in s must be a copy of x in B, contradiction. 
Hence, s_2 is in A and therefore it appears in ⌜s⌝, which implies that it is store-H-less. Thus, 
x̃ is the last store-H in s || t. 

If x is in B then we do induction on |s || t|. The base case is encompassed in the case of 
s_2 being empty, which is trivial. So let s_2 = s_21 y s_22 z with y justifying z (since x appears 
in ⌜s⌝, z has to be justified in s_2). z is not a store-H and neither is it a store-Q, as then 
y would be a store-H after x in ⌜s⌝. Thus z is a store-A and y a store-Q, the latter justified 
by the last O-store-H in ⌜s_{<y}⌝ = ⌜s⌝_{<y}, that is x, so y, z are in B. Now, s = s_1 x s_21 y s_22 z and 
t = t_1 x' t_21 y' t_22 z'; we claim that s_21 and t_21 are store-H-less. Indeed, s_{<y} || t_{<y'} ends in a 
generalised O-move in AB and x is still the last store-H in ⌜s_{<y}⌝, from which we have, by 
IH, that x̃ is the last store-H in s_{<y} || t_{<y'}. 

Thus, s || t = (s_1 || t_1) x̃ v ỹ u z̃ with v store-H-less. It suffices to show that u is also store- 
H-less. In fact, u = y...y z...z (n copies of each) for some n ≥ 0. Indeed, by tidiness of τ, (t_22 z')_1 is either 
an answer to y', whence t_22 = u = ε, or a copy of it under the last O-store-H in ⌜t_{<y'}⌝. If 
the latter is in B then σ reacts analogously, and so on, so there is initially a sequence y...y 
in u, played in B. As u is finite, at some point σ (or τ) either answers y (y') or copycats it 
in A (in C). In the latter case, O immediately answers, as s (t) is in P-view mode in A (in 
C). Hence, in either case there is an answer that is copycatted to all open y in u, yielding 
thus the required pattern. Therefore, u is store-H-less. □ 

Lemma A.2. Let σ : A → B and τ : B → C be tidy strategies, and let [s;t] ∈ σ;τ, 
[s] ∈ σ and [t] ∈ τ, with ⌜s || t⌝ = s || t ending in a generalised O-move. If there exists i ≥ 1 
and store-Q's q̃_1, ..., q̃_i with q = q̃_j for all 1 ≤ j ≤ i, q̃_1, ..., q̃_{i-1} in B and q̃_i in AC and 
[(s || t) q̃_1 ... q̃_i] ∈ σ || τ, then q̃_i is justified by the last O-store-H in s;t. 

Proof: By induction on |s || t\. The base case is encompassed in the case of s ;t containing 
at most one O-store-H, which is trivial. Now let without loss of generality (s || t)q\...qi = 
(sqi...qi) || (^i---^— 1) with [sq\...qi] E a and [t(^...g i -_ 1 ] E r, and let each qj be justified by 
Xj and each q'- by x'j . Moreover, by hypothesis, Xj = x'j, for 1 < j < i — 1, and therefore 

each such pair Xj, x'j appears in s \\ t as some Xj, the latter justifying q~j in s || t. 

Now, assume without loss of generality that $s \| t$ ends in $AB$. Then, by tidiness of $\sigma$ and $\tau$ we have that, for each $j \geq 1$,
$$q_{2j+1} = q_{2j}\,,\qquad q'_{2j} = q'_{2j-1}\,,\qquad q'_j = q_j\,.$$
For each $j \geq 1$, $q_{2j+1}$ is a P-move of $\sigma$ justified by some store-H, say $x_{2j+1}$. By tidiness of $\sigma$, $x_{2j+1}$ is the last O-store-H in $\ulcorner s^{<q_{2j+1}} \urcorner = \ulcorner s^{<q_{2j}} \urcorner$, and therefore $x_{2j+1}$ is the last store-H in $\ulcorner s^{<x_{2j}} \urcorner$. Then, by the previous lemma, $x_{2j+1}$ is the last store-H in $s^{<x_{2j}} \| t^{<x'_{2j}} = (s \| t)^{<\tilde x_{2j}}$. Similarly, $x_{2j}$ is the last store-H in $(s \| t)^{<\tilde x_{2j-1}}$. Hence, the store-H subsequence of $(s \| t)^{<x_1}$ ends in $x_i \dots x_1$.

Now, by tidiness of $\sigma$, $x_1$ is the last O-store-H in $\ulcorner s \urcorner$. If $x_1$ is also the last store-H in $\ulcorner s \urcorner$ then, by the previous lemma, $x_1$ is the last store-H in $s \| t$, hence $x_i$ is the last store-H in $s;t$. Otherwise, by corollary 5.21, $q_1$ is a copy of $s.{-}1 = q_0$. If $q_0$ is in $A$ then its justifier is $s.{-}2 = x_0$ and, because of CC-mode, the store-H subsequence of $s \| t$ ends in $x_i \dots x_1 x_0$, so $x_i$ is the last O-store-H in $s;t$. If $q_0$ is in $B$ then we can use the IH on $s^- \| t^-$ and $q_0, \dots, q_i$, and obtain that $\tilde x_i$ is the last O-store-H in $s^- ; t^- = s;t$. $\square$

Proposition A.3. If $\sigma : A \to B$ and $\tau : B \to C$ are tidy strategies then so is $\sigma;\tau$.

Proof: Take odd-length $[s;t] \in \sigma;\tau$ with not both $s$ and $t$ ending in $B$, $\ulcorner s \| t \urcorner = s \| t$ and $|s;t|$ odd. We need to show that $s;t$ satisfies (TD1-3). As (TD2) is a direct consequence of the previous lemma, we need only show the other two conditions. Assume without loss of generality that $s;t$ ends in $A$.

For (TD1), assume $s;t$ ends in a store-Q $q$. Then $s$ ends in some $q$, which is justified by the P-store-H $s.{-}2 = x$ (also in $A$). $q$ is either answered or copied by $\sigma$; in particular, if $q = a\,a$ with $a \mathbin{\#} \ulcorner s;t \urcorner^- = s^-;t$ then $a \mathbin{\#} s^-, t$, so $\sigma$ copies $q$. If $\sigma$ answers $q$ with $z$ then $z$ doesn't introduce new names, so $[(s;t)z] \in \sigma;\tau$ with $\mathrm{nlist}(z) = \mathrm{nlist}(q)$ and $z = \underline{z}$, as required.

Otherwise, let $\sigma$ copy $q$ as $q_1$, say, under the last O-store-H in $\ulcorner s \urcorner$, say $x_1$. If $x_1$ is in $B$ then we have $s q_1 \| t q'_1$, with $q_1, q'_1$ in $B$ and $q'_1$ being $q_1$ with name-list that of its justifier, say $x'_1$, where $x_1 = x'_1$. Now $[t q'_1] \in \tau$ and it ends in a store-Q, so $\tau$ either answers it or copies it under the last O-store-H in $\ulcorner t q'_1 \urcorner$. In particular, if $q = a\,a$ with $a \mathbin{\#} \ulcorner s;t \urcorner$ then, as above, $a \mathbin{\#} t$ and $\tau$ copies $q'_1$. This same reasoning can be applied consecutively, with copycats attaching store-Q's to store-H's appearing each time earlier in $s$ and $t$. As the latter are finite and initial store-H's are third moves in $s$ and $t$, at some point either $\sigma$ plays $q_i$ in $A$ or answers it in $B$, or $\tau$ plays $q'_i$ in $C$ or answers it in $B$. If an answer occurs then it doesn't introduce new names (by tidiness), so it is copycatted back to $q$, closing all open $q_j$'s and $q'_j$'s. Otherwise, we need only show that, for each $j$, $q_j = q$, which we do by induction on $j$: $q_1 = q$ and $q_{j+1} = q_j = q$. This proves (TD1).

For (TD3), assume $s;t = u\, q_{(O)} q_{(P)}\, v\, y$ with $q_{(O)} q_{(P)} v$ a copycat. Then, either both $q_{(O)}, q_{(P)}$ are in $A$, or one is in $A$ and the other in $C$. Let's assume $q_{(O)}$ in $A$ and $q_{(P)}$ in $C$; the other cases are shown similarly. Then, $q_{(O)}$ her(editarily)-justifies $y$, and let $s.{-}1 = y$ be justified by some $x$ in $s$. Now, as above, $q_{(O)} q_{(P)}$ is witnessed by some $q_{(O)} q_1 \cdots q_i\, q_{(P)}$ in $s \| t$, with odd $i \geq 1$ and all $q_j$'s in $B$. We show by induction on $1 \leq k \leq i$ that there exist $x_1, \dots, x_k, x'_1, \dots, x'_k, y_1, \dots, y_k, y'_1, \dots, y'_k$ in $B$ such that $(s y_1 \dots y_k \| t y'_1 \dots y'_k) \in \sigma \| \tau$ and, for each relevant $j \geq 1$,
$$y_1 = y'_1 = y\,,\qquad y_j = y'_j\,,\qquad y_{2j} = y_{2j+1}\,,\qquad y'_{2j-1} = y'_{2j}\,,\qquad x_j = x'_j$$
with $q_j$ her-justifying $x_j$ in $s$ and $x_j$ justifying $y_j$ (and $q'_j$ her-justifying $x'_j$ in $t$ and $x'_j$ justifying $y'_j$), and $x_j, x_{j+1}$ consecutive in $s \| t$ and $x_1, x$ also consecutive.

For $k = 1$, let $s = s_1 q_{(O)} q_1 s_2 y$. Now, $q_{(O)}$ her-justifying $y$ in $s;t$ implies that $q_{(O)}$ her-justifies $y$ in $s$, hence it appears in $\ulcorner s \urcorner$. Thus $\ulcorner s \urcorner = s'_1 q_{(O)} q_1 s'_2 y$, so, by (the original definition of) tidiness, $[s y_1] \in \sigma$ with $y_1 = y$ justified by $x_1 = \ulcorner s \urcorner.{-}3 = s.{-}3$. Then, $[t y'_1] \in \tau$ with $y'_1 = y_1$. By proposition 5.19, $q_{(O)} q_1 s_2$ is a copycat, so $q_1$ her-justifies $x_1$ and therefore $x_1, y_1$ are in $B$. Finally, $x = \ulcorner s \urcorner.{-}2 = s.{-}2$ is a P-move, so $x_1, x$ are consecutive in $s \| t$.

For even $k > 1$ we have, by IH, that $(s y_1 \dots y_{k-1} \| t y'_1 \dots y'_{k-1}) \in \sigma \| \tau$ with $y'_{k-1}$ an O-move her-justified by $q'_{k-1}$, an O-move. Then, $q'_{k-1}$ appears in $\ulcorner t y'_1 \dots y'_{k-1} \urcorner$, so $\ulcorner t y'_1 \dots y'_{k-1} \urcorner = t_1 q'_{k-1} t_2 y'_{k-1}$, thus (by tidiness) $[t y'_1 \dots y'_{k-1} y'_k] \in \tau$ with $y'_k = y'_{k-1}$ justified by $x'_k = \ulcorner t y'_1 \dots y'_{k-1} \urcorner.{-}3$. Now, \ldots is a copycat, so $q'_k$ her-justifies $x'_k$. Moreover, $x'_k, x'_{k-1}$ are consecutive in $\ulcorner t \urcorner$, so, as $x'_{k-1}$ is a P-move, they are consecutive in $t$, and therefore $x_k, x_{k-1}$ are consecutive in $s \| t$. Finally, $[s y_1 \dots y_{k-1} y_k] \in \sigma$ with $y_k = y'_k$. The case of $k$ odd is entirely dual.

Now, just as above, we can show that there exist $x'_{i+1}, y'_{i+1}$ in $C$ such that $\ldots \in \tau$ and $y'_{i+1}$ justified by $x'_{i+1}$, $x'_{i+1}$ her-justified by $q_{(P)}$, etc. Then $[(s;t) y_{i+1}] \in \sigma;\tau$ with $x_{i+1}, x_i, \dots, x_1, x$ consecutive in $s \| t$, so $x_{i+1} = (s;t).{-}3$. Finally, as above, $y_{i+1} = y_j = y$, all $j$, as required. $\square$



II. Proof of Decomposition Lemma 5.32. 1 is straightforward: we just partition $\sigma$ into $\sigma_{\circledast}$ and $\sigma'$ and recover it by use of $[x = i_{A(0)}]$ and end. For 2, we just use the definition of name-abstraction for strategies and the condition on $\sigma$.

For 3, it is clear that $m_0$ is either a store-Q $a$ under $\circledast$, or a store-H $j_A$, or a store-H $(i_B, \circledast)$.

In case $m_0 = a$ with $a \in A_C$, we define $\sigma_a : Q_a([A] \otimes [C]) \to T[B] \triangleq \mathrm{strat}(f_a)$, where
$$f_a \triangleq \{\, [(a, i_{A(0)}, i_C) \ast \circledast\, s] \mid [(a, i_{A(0)}) \ast \circledast\, a\, i_C\, s] \in \mathrm{viewf}(\sigma) \,\}.$$
To see that $f_a$ is a viewfunction it suffices to show that its elements are plays, and for that it suffices to show that they are legal. Now, for any $[(a, i_{A(0)}, i_C) \ast \circledast\, s] \in f_a$ with $[(a, i_{A(0)}) \ast \circledast\, a\, i_C\, s] \in \mathrm{viewf}(\sigma)$, $(a, i_{A(0)}, i_C) \ast \circledast\, s$ is a justified sequence and satisfies well-bracketing, as its open Q's outside $s$ are the same as those in $(a, i_{A(0)}) \ast \circledast\, a\, i_C\, s$, i.e. $\circledast$. Moreover, visibility is obvious. Hence, $f_a$ is a viewfunction, and it inherits tidiness from $\sigma$. Moreover, we have the following diagram.

$$Q_a[A] \xrightarrow{\ (\mathrm{id},\emptyset)\,;\,\tau\,;\,T\zeta\ } T Q_a([A] \otimes [C]) \xrightarrow{\ T\sigma_a\ } T^2[B] \xrightarrow{\ \mu\ } T[B]$$
with initial move $(a, i_{A(0)})$. Because of the copycat links, we see that
$$\mathrm{viewf}\big((\mathrm{id},\emptyset) ; \tau ; T\zeta ; T\sigma_a ; \mu\big) \upharpoonright (a, i_{A(0)}) = \{\, [(a, i_{A(0)}) \ast \circledast\, a\, i_C\, s] \mid [(a, i_{A(0)}, i_C) \ast \circledast\, s] \in \mathrm{viewf}(\sigma_a) \,\} = \mathrm{viewf}(\sigma)\,,$$
as required. Note that the restriction to initial moves $[a, i_{A(0)}]$ taken above is necessary in case $\zeta$ contains a projection (in which case it may also answer other initial moves).
In case $m_0 = j_A$ (so $m_0$ a store-H) and $[(a, i_{A(0)}) \ast \circledast\, m_0\, a\, i_C] \in \sigma$, we have that
$$\sigma = \mathrm{strat}(f_a \cup (f' \setminus f'_a))\,,$$
where $f_a, f'$ are viewfunctions of type $Q_a[A] \to T[B]$, so that $f_a$ determines $\sigma$'s behaviour if O plays $a$ at the given point, and $f' \setminus f'_a$ determines $\sigma$'s behaviour if O plays something else. That is,
$$f_a = \{\, [(a, i_{A(0)}) \ast \circledast\, j_A\, a\, i_C\, s] \in \mathrm{viewf}(\sigma) \,\}$$
$$f'_a = \{\, [(a, i_{A(0)}) \ast \circledast\, j_A\, a\, s] \mid [\circledast\, \circledast\, a\, s] \in \mathrm{viewf}(\mathrm{id}_\xi) \,\}$$
$$f' = f'_a \cup \{\, [(a, i_{A(0)}) \ast \circledast\, j_A\, y\, s] \in \mathrm{viewf}(\sigma) \mid y \neq a \,\}.$$
$f'$ differs from $\mathrm{viewf}(\sigma)$ solely in the fact that it doesn't answer $a$ but copycats it instead; it is a version of $\mathrm{viewf}(\sigma)$ which has forgotten the name-update of $a$. On the other hand, $f_a$ contains exactly the information for this update. It is not difficult to see that $f', f_a$ are indeed viewfunctions. We now define

$$f''_a : Q_a[A] \to T[C] \triangleq \{\, [(a, i_{A(0)}) \ast \circledast\, (i_C, \circledast)\, s] \mid [(a, i_{A(0)}) \ast \circledast\, j_A\, a\, i_C\, s] \in f_a \ \vee\ [\circledast\, \circledast\, s] \in \mathrm{viewf}(\mathrm{id}_\xi) \,\}$$
$$\sigma_a : Q_a[A] \to T[C] \triangleq \mathrm{strat}(f''_a)$$
$$\sigma' : Q_a[A] \to T[B] \triangleq \mathrm{strat}(f')$$
$$\sigma'' : Q_a[A] \to T[B] \triangleq \langle \Delta, \sigma_a \rangle ; \tau ; T(\mathrm{id} \otimes \emptyset ; \tau) ; \mu ; = ; T\sigma' ; \mu\,.$$
We can see that $\sigma'$ is a tidy strategy. For $\sigma_a$, it suffices to show that $f''_a$ is a viewfunction, since tidiness is straightforward. For that, we note that even-prefix closure and single-valuedness are clear, so it suffices to show that the elements of $f''_a$ are plays.

So let $[(a, i_{A(0)}) \ast \circledast\, (i_C, \circledast)\, s] \in f''_a$ with $[(a, i_{A(0)}) \ast \circledast\, j_A\, a\, i_C\, s] \in \mathrm{viewf}(\sigma)$. We have that $(a, i_{A(0)}) \ast \circledast\, (i_C, \circledast)\, s$ is a justified sequence, because $s$ does not contain any moves justified by $j_A$ or $a$. In the former case this holds because we have a P-view, and in the latter because $a$ is a closed (answered) Q. Note also that there is no move in $s$ justified by $\circledast$: such a move $(i_B, \circledast)$ would be an A ruining well-bracketing, as $j_A$ is an open Q, while a store-Q under $\circledast$ is disallowed by tidiness, as $s.1$ is an O-store-H. Finally, well-bracketing, visibility and NC's are straightforward.

We now proceed to show that $\sigma = \sigma''$. By the previous analysis on $f''_a$ we have that $\sigma_a = \sigma'_a ; \eta$ (modulo totality), where $\sigma'_a$ is the possibly non-total strategy
$$\sigma'_a : Q_a[A] \to [C] = \mathrm{strat}\{\, [(a, i_{A(0)})\, i_C\, s] \mid [(a, i_{A(0)}) \ast \circledast\, j_A\, a\, i_C\, s] \in f_a \,\}\,,$$
and hence $\sigma'' \upharpoonright (a, i_{A(0)}) = \langle \Delta, \sigma'_a \rangle ; \mathrm{id} \otimes \emptyset ; \tau ; = ; T\sigma' ; \mu$. Analysing the behaviour of the latter composite strategy and observing that the response of $\sigma''$ to inputs different than $[a, i_{A(0)}]$ is merely the initial answer $\ast$ imposed by totality, we obtain:
$$\mathrm{viewf}(\sigma'') = \{\, [(a, i_{A(0)}) \ast \circledast\, j_A\, a\, s],\ [(a, i_{A(0)}) \ast \circledast\, j_A\, y\, s] \in \mathrm{viewf}(\sigma'') \mid y \neq a \,\}$$
$$= \{\, [(a, i_{A(0)}) \ast \circledast\, j_A\, a\, i_C\, s] \mid [(a, i_{A(0)}) \ast \circledast\, (i_C, \circledast)\, s] \in f''_a \ \wedge\ s.1 \in [C] \,\} \cup \{\, [(a, i_{A(0)}) \ast \circledast\, j_A\, y\, s] \in f' \mid y \neq a \,\}$$
$$= f_a \cup (f' \setminus f'_a) = \mathrm{viewf}(\sigma)$$
as required.

In case $m_0 = (i_B, \circledast)$ we work similarly as above. $\square$